While user dependence on ICT is rising and the information security situation is worsening at an alarming rate, the IT industry is still unable to answer accurately and in time questions like "How secure is our information system?" Consequently, information security risk management is reactive and lags behind incidents. To overcome this problem, the risk management paradigm has to change from reactive to active and from qualitative to quantitative. In this paper, we present a computerized risk management approach that enables active risk management and is aligned with the leading initiative to make security measurable and manageable. Furthermore, we point out the deficiencies of qualitative methods and argue for the use of quantitative rather than qualitative methods in order to improve the accuracy of information security feedback. Finally, we present two quantitative metrics, used together in the model, that enable quantitative risk assessment and support risk-treatment decision making. © 2012 Springer-Verlag Berlin Heidelberg.
CITATION STYLE
Starc, I., & Trček, D. (2012). Towards quantitative risk management for next generation networks. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 7216 LNCS, pp. 229–239). https://doi.org/10.1007/978-3-642-30382-1_28