We found a match
Your institution may have access to this item. Find your institution then sign in to continue.
- Title
Information Security Risk Management: In Which Security Solutions Is It Worth Investing?
- Authors
Fenz, Stefan; Ekelhart, Andreas; Neubauer, Thomas
- Abstract
As companies are increasingly exposed to information security threats, decision makers are permanently forced to pay attention to security issues. Information security risk management provides an approach for measuring the security through risk assessment, risk mitigation, and risk evaluation. Although a variety of approaches have been proposed, decision makers lack well-founded techniques that (1) show them what they are getting for their investment, (2) show them if their investment is efficient, and (3) do not demand in-depth knowledge of the IT security domain. This article defines a methodology for management decision makers that effectively addresses these problems. This work involves the conception, design, and implementation of the methodology into a software solution. The results from two qualitative case studies show the advantages of this methodology in comparison to established methodologies.
- Subjects
INFORMATION services security measures; RISK management in business; COST effectiveness; DECISION support systems; EXPERT systems; BUSINESS enterprises; RISK assessment
- Publication
Communications of the Association for Information Systems, 2011, Vol 28, p329
- ISSN
1529-3181
- Publication type
Article
- DOI
10.17705/1CAIS.02822