Necessary measures: metric-driven information security risk assessment and decision making

Authors:
Wade H. Baker;Loren Paul Rees;Peter S. Tippett
Affiliations:
Virginia Tech, Blacksburg, VA;Virginia Tech, Blacksburg, VA;Verizon Business, Ashburn, VA and ICSA Labs, Mechanicsburg, PA
Venue:
Communications of the ACM
Year:
2007

Citing 6
Cited 3

Organizational information requirements, media richness and structural design

Management Science
Coping with systems risk: security planning models for management decision making

MIS Quarterly
The economics of information security investment

ACM Transactions on Information and System Security (TISSEC)
Enemy at the gate: threats to information security

Communications of the ACM - Program compaction
A model for evaluating IT security investments

Communications of the ACM - Has the Internet become indispensable?
The Effect of Internet Security Breach Announcements on Market Value: Capital Market Reactions for Breached Firms and Internet Security Developers

International Journal of Electronic Commerce

An ontology- and Bayesian-based approach for determining threat probabilities

Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
Decision support for Cybersecurity risk planning

Decision Support Systems
Selection of optimal countermeasure portfolio in IT security planning

Decision Support Systems

Quantified Score

Hi-index	48.22

Visualization

Abstract

Use measurable, reliable real-world metrics to improve information security decision making.