
Information security and risk management

Published: 01 April 2008

Abstract

Use the new PCR risk metric to find ways to enhance security, avoiding one-dimensional metrics like ALE that could risk an organization's survivability.



Published In

Communications of the ACM  Volume 51, Issue 4
The psychology of security: why do good users make bad decisions?
April 2008
94 pages
ISSN:0001-0782
EISSN:1557-7317
DOI:10.1145/1330311

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 01 April 2008
Published in CACM Volume 51, Issue 4


Qualifiers

  • Research-article
  • Popular
  • Refereed
