The article discusses use of metrics in decision making regarding information security. The authors suggest equivocality must be reduced to allow managers to make decisions regarding information technology (IT) security options. The authors propose a system to assess risks through measurement of threats, estimation of the impact of threats, and evaluation of countermeasures. A taxonomy grouping similar threats and emphasizing the complexity of threats is described. The system allows for analysis and financial impact of individual threats such as computer viruses or malcode.
Mendeley saves you time finding and organizing research
Choose a citation style from the tabs below