Challenges to sustainable risk management: Case example in information network security

  • Pinto C
  • Arora A
  • Hall D
 et al. 

This article contributes to more sustainable management of risk by describing frameworks for (1) valuation of avoided risks and (2) improving outsourced information security services. These contributions address the absence of a structure for rewarding successful risk management, the need for an ever-more accurate economic measure of risk, and the difficulty of transferring risks to contract-bound outsourcing entities. The manager can use these concepts to make more informed decisions in allocating resources to risk management activities. Challenges and lessons from two case studies are presented: (1) application of risk-based ROI at Lawrence Berkeley National Laboratory, and (2) information assurance outsourcing at the Navy Marine Corps Intranet.

Author-supplied keywords

  • Economic evaluation
  • Information security
  • Risk avoidance
  • Risk management
  • Security outsourcing

Authors

  • C.A. Pinto
  • A. Arora
  • D. Hall
  • E. Schmitz
