Secrets and Lies: Digital Security in a Networked World
Secrets and Lies: Digital Security in a Networked World
Rule Based Expert Systems: The Mycin Experiments of the Stanford Heuristic Programming Project (The Addison-Wesley series in artificial intelligence)
Defense trees for economic evaluation of security investments
ARES '06 Proceedings of the First International Conference on Availability, Reliability and Security
Security Metrics: Replacing Fear, Uncertainty, and Doubt
Security Metrics: Replacing Fear, Uncertainty, and Doubt
A risk-metric framework for enterprise risk management
IBM Journal of Research and Development
Aggregating trust using triangular norms in the keynote trust management system
STM'10 Proceedings of the 6th international conference on Security and trust management
| Hi-index | 0.00 |
Rather than treating security as an independent technical concern, it should be considered as just another risk that needs to be managed alongside all other business risks. An Internal Controls approach to security risk management is proposed whereby automated catalogues are built in order to provide information about security controls used to mitigate risk in business processes. Real-time evaluation and measurement of control efficacy in this model become essential to the management of risk using these catalogues and a risk-profile based approach to measuring security risk is described.