7,100 English words, 42,000 English characters; Chinese translation 12,000 characters. Source: Fenz S, Heurix J, Neubauer T, et al. Current challenges in information security risk management [J]. Information Management

RQ2. How can the costs of information security solutions be factored in when determining risk mitigation strategies, i.e. when making the appropriate risk versus cost trade-off?

Section 2 outlines current risk management approaches and analyzes their capability to support cost-efficient decision making. Section 3 gives an overview of current problems in risk management approaches and discusses potential solutions as well as research directions.

2. Differences and commonalities of current information security risk management approaches

Risk management in the context of information security is not a new research domain. In 1975 the US National Bureau of Standards proposed Annual Loss Expectancy (ALE) as a metric for measuring computer-related risks (FIPS, 1975). ALE is calculated by summing, over the harmful outcomes O_i, the product of each outcome's impact I(O_i) and its annual frequency F_i:

ALE = Σ_i F_i · I(O_i)

One shortcoming of this early approach is that it does not distinguish between highly frequent, low-impact events and rare, high-impact events: two outcome sets with very different loss profiles can yield the same ALE. In the 1980s it was again the US National Bureau of Standards that pushed the efforts in the risk management domain forward. In a series of workshops, they
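The ALE shortcoming described above, as an added worked example (this is illustration code written for this page, not code from Fenz et al. or from FIPS 65): two constructed outcome sets, one frequent and low-impact, one rare and high-impact, have exactly the same ALE, yet the probability of suffering a large loss in a given year differs completely. To make that visible, the example also builds the full annual loss distribution, which goes beyond the text; it assumes the number of occurrences of each outcome in a year is Poisson(F_i) and that outcomes are independent, a modelling choice of this example rather than anything the paper states. The names FREQUENT_LOW_IMPACT, RARE_HIGH_IMPACT and the dollar figures are hypothetical.

```python
"""Annual Loss Expectancy (ALE) versus the shape of the annual loss distribution.

Added illustration, not code from Fenz et al. or FIPS 65. The outcome data are
constructed; the Poisson model of event counts is this example's own assumption.
"""
from collections import defaultdict
from math import exp

# Constructed outcome sets: (F_i = events per year, I(O_i) = loss per event).
FREQUENT_LOW_IMPACT = [(100.0, 1_000.0)]      # e.g. phishing-driven account resets
RARE_HIGH_IMPACT = [(0.1, 1_000_000.0)]       # e.g. a major breach once per decade


def ale(outcomes):
    """ALE = sum_i F_i * I(O_i), the FIPS 65 definition used in the text."""
    return sum(freq * impact for freq, impact in outcomes)


def poisson_terms(lam, tol=1e-15):
    """Yield (k, P[N = k]) for N ~ Poisson(lam) until the tail is negligible.

    Uses the recurrence p_k = p_{k-1} * lam / k, so no large factorials are
    ever formed (factorial(200) overflows a float)."""
    k, p = 0, exp(-lam)
    while True:
        yield k, p
        k += 1
        p *= lam / k
        if k > lam and p < tol:
            return


def annual_loss_distribution(outcomes):
    """Map total annual loss -> probability by convolving independent outcomes.

    Assumption (this example's, not the paper's): occurrences of outcome i in a
    year are Poisson(F_i) and outcomes are independent of each other."""
    dist = {0.0: 1.0}
    for freq, impact in outcomes:
        new = defaultdict(float)
        for loss, p in dist.items():
            for k, pk in poisson_terms(freq):
                new[loss + k * impact] += p * pk
        dist = dict(new)
    return dist


def prob_annual_loss_at_least(outcomes, threshold):
    """P[total loss in one year >= threshold] under the model above."""
    return sum(p for loss, p in annual_loss_distribution(outcomes).items()
               if loss >= threshold)


if __name__ == "__main__":
    # Same ALE, very different chance of a catastrophic year.
    for name, outcomes in [("frequent/low-impact", FREQUENT_LOW_IMPACT),
                           ("rare/high-impact", RARE_HIGH_IMPACT)]:
        print(f"{name:20s} ALE={ale(outcomes):>10,.0f}  "
              f"P[loss >= 500k]={prob_annual_loss_at_least(outcomes, 500_000):.4f}")
```

Both outcome sets report an ALE of 100,000, so a decision based on ALE alone treats them as equivalent; the rare/high-impact set has roughly a 9.5% chance of a 500,000 loss year, while the frequent/low-impact set effectively never produces one. A metric that separates the two (a loss-exceedance probability, or frequency and impact reported side by side) is what the later approaches discussed in the paper try to provide.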