The article presents a simple model for information security risk assessment. The model has four main elements: security threats, their business impact, security measures and their costs. The relationship matrix between security measures and threats is the model's fundamental quantitative tool. The model is based on well-known methods such as ALE, ROSI and ISRAM, but allows more flexible and more precise metrics to be established in support of the security management process at different organizational levels.