Safeware: system safety and computers
Safeware: system safety and computers
Information Security Risk Analysis
Information Security Risk Analysis
Safety Critical Computer Systems
Safety Critical Computer Systems
Assurance in life/nation critical endeavors a panel
Proceedings of the 2002 workshop on New security paradigms
Bringing security home: a process for developing secure and usable systems
Proceedings of the 2003 workshop on New security paradigms
The user non-acceptance paradigm: INFOSEC's dirty little secret
NSPW '04 Proceedings of the 2004 workshop on New security paradigms
Risky trust: risk-based analysis of software systems
SESS '05 Proceedings of the 2005 workshop on Software engineering for secure systems—building trustworthy applications
Journal of Systems and Software
The near real time statistical asset priority driven (nrtsapd) risk assessment methodology
SIGITE '08 Proceedings of the 9th ACM SIGITE conference on Information technology education
Quantified security is a weak hypothesis: a critical survey of results and assumptions
NSPW '09 Proceedings of the 2009 workshop on New security paradigms workshop
Optimizing a policy authoring framework for security and privacy policies
Proceedings of the Sixth Symposium on Usable Privacy and Security
Proceedings of the 2010 workshop on New security paradigms
Expert Systems with Applications: An International Journal
Cyber-risk decision models: To insure IT or not?
Decision Support Systems
Hi-index | 0.00 |
Information security is important in proportion to an organization's dependence on information technology. When an organization's information is exposed to risk, the use of information security technology is obviously appropriate. Current information security technology, however, deals with only a small fraction of the problem of information risk. In fact, the evidence increasingly suggests that information security technology does not reduce information risk very effectively.This paper argues that we must reconsider our approach to information security from the ground up if we are to deal effectively with the problem of information risk, and proposes a new model inspired by the history of medicine.