Necessary measures

  • Baker W
  • Rees L
  • Tippett P
  • 21


    Mendeley users who have this article in their library.
  • 0


    Citations of this article.


The article discusses use of metrics in decision making regarding information security. The authors suggest equivocality must be reduced to allow managers to make decisions regarding information technology (IT) security options. The authors propose a system to assess risks through measurement of threats, estimation of the impact of threats, and evaluation of countermeasures. A taxonomy grouping similar threats and emphasizing the complexity of threats is described. The system allows for analysis and financial impact of individual threats such as computer viruses or malcode.

Get free article suggestions today

Mendeley saves you time finding and organizing research

Sign up here
Already have an account ?Sign in

Find this document


  • Wade H. Baker

  • Loren Paul Rees

  • Peter S. Tippett

Cite this document

Choose a citation style from the tabs below

Save time finding and organizing research with Mendeley

Sign up for free