Computer security: a comprehensive controls checklist
Security service level agreements: quantifiable security for the enterprise?
Proceedings of the 1999 workshop on New security paradigms
A Management Perspective on Risk of Security Threats to Information Systems
Information Technology and Management
Optimal resource allocation for securing an enterprise information infrastructure
Proceedings of the 4th international IFIP/ACM Latin American conference on Networking
Assessing the risk of intercepting VoIP calls
Computer Networks: The International Journal of Computer and Telecommunications Networking
Risk assessment in practice: A real case study
Computer Communications
Towards more secure systems: how to combine expert evaluations
Proceedings of the 4th international conference on Security and privacy in communication networks
Understanding the Value of Countermeasure Portfolios in Information Systems Security
Journal of Management Information Systems
An audit framework to support information system security management
International Journal of Electronic Security and Digital Forensics
TELE-INFO'06 Proceedings of the 5th WSEAS international conference on Telecommunications and informatics
Contextual constraints in media choice: Beyond information richness
Decision Support Systems
International Journal of Information Management: The Journal for Information Professionals
Managing the investment in information security technology by use of a quantitative modeling
Information Processing and Management: an International Journal
Information security-conscious managers of organizations have the responsibility to advise their senior management of the level of risks faced by the information systems. This requires managers to conduct vulnerability assessment as the first step of a risk analysis approach. However, a lack of real world data classification of security threats and develops a three-axis view of the threat space. It develops a scheme for probabilistic evaluation of the impact of the security threats and proposes a risk management system consisting of a five-step approach. The goal is to assess the expected damages due to attacks and to manage the risk of attacks.