Strategic Information Security Risk Management
Access Status
Fulltext not available
Authors
Baskerville, Richard
Date
2008
Type
Book Chapter
Citation
Baskerville, R. 2008. Strategic Information Security Risk Management, in Straub, D. and Goodman, S. and Baskerville, R. (ed), Information Security: Policy, Processes, and Practices, pp. 112-122. Armonk: M E Sharpe.
Source Title
Information Security: Policy, Processes, and Practices
School
School of Information Systems
Abstract
Risk management entails more than traditional risk analysis or risk assessment. These traditional tools are limited in fundamental ways, such as the lack of reliable frequency data about past risk events and the relative rarity of many kinds of risk that must still be managed. Risk management involves four types of risk treatments: self-protection, risk transfer, self-insurance, and risk avoidance. This chapter introduces an approach to risk management in which the risks and risk treatments are strategically managed using a portfolio approach. With a portfolio approach, different risk portfolios are managed through a portfolio of risk treatments.