Managerial perspectives on risk and risk taking
Management Science
Risk analysis and computer security: towards a theory at last
Computers and Security
Computer security methodology: risk analysis and project definition
Computers and Security
One approach to risk assessment
Computers and Security
Strategic risk: an ordinal approach
Management Science
Components of Software Development Risk: How to Address Them? A Project Manager Survey
IEEE Transactions on Software Engineering
Information Systems Research
Communications of the ACM - E-services: a cornucopia of digital offerings ushers in the next Net-based evolution
Why the Future Belongs to the Quants
IEEE Security and Privacy
Information system security redux
Communications of the ACM - Service-oriented computing
Management of Information Security
Management of Information Security
A model for evaluating IT security investments
Communications of the ACM - Has the Internet become indispensable?
Measuring the Risk-Based Value of IT Security Solutions
IT Professional
Information Assurance for the Enterprise: A Roadmap to Information Security
Information Assurance for the Enterprise: A Roadmap to Information Security
Managing Cybersecurity Resources (The Mcgraw-Hill Homeland Security Series)
Managing Cybersecurity Resources (The Mcgraw-Hill Homeland Security Series)
Journal of Management Information Systems - Special section: Strategic and competitive information systems
Toward an assessment of software development risk
Journal of Management Information Systems - Special section: Strategic and competitive information systems
Is Information Security Under Control?: Investigating Quality in Information Security Management
IEEE Security and Privacy
Embedding Information Security into the Organization
IEEE Security and Privacy
Optimized enterprise risk management
IBM Systems Journal
Multi-expert operational risk management
IEEE Transactions on Systems, Man, and Cybernetics, Part C: Applications and Reviews
| Hi-index | 0.00 |
More and more attention has been devoted to the alignment of information technology (IT) spending and initiatives with organizational strategic objectives. IT spending across organizations and industries has a high opportunity cost and involves a substantial opportunity for deviations from support for the highest priorities of business units. The business justification and rationale for information security has come under similar scrutiny at a time when the nature of many organizations is being transformed by the network economy. More and more business functions and processes are enabled by information assets and capabilities that are vulnerable to new and adapting threats. This paper examines the impact of the strategic alignment of information security spending with organizational goals and with the risk tolerances of decision makers. It provides an explanation for and insight into the observed differences in executive responses to cyber threats and risk assessments. It models the relationship between security resources and risk mitigation, and it identifies the premiums that organizations expect to receive or pay for bearing or avoiding information security risk.