Strategic Information Security Risk Management
dc.contributor.author | Baskerville, Richard | |
dc.contributor.editor | D W Straub | |
dc.contributor.editor | S Goodman | |
dc.contributor.editor | R Baskerville | |
dc.date.accessioned | 2017-01-30T11:10:40Z | |
dc.date.available | 2017-01-30T11:10:40Z | |
dc.date.created | 2015-07-16T07:04:23Z | |
dc.date.issued | 2008 | |
dc.identifier.citation | Baskerville, R. 2008. Strategic Information Security Risk Management, in Straub, D. and Goodman, S. and Baskerville, R. (ed), Information Security: Policy, Processes, and Practices, pp. 112-122. Armonk: M E Sharpe. | |
dc.identifier.uri | http://hdl.handle.net/20.500.11937/9138 | |
dc.description.abstract |
Risk management entails more than traditional risk analysis or risk assessment. These traditional tools are limited in fundamental ways, such as the lack of reliable frequency data about past risk events and the relative rarity of many kinds of risk that must still be managed. Risk management involves four types of risk treatments: self-protection, risk transfer, self-insurance, and risk avoidance. This chapter introduces an approach to risk management in which the risks and risk treatments are strategically managed using a portfolio approach. With a portfolio approach, different risk portfolios are managed through a portfolio of risk treatments. | |
dc.publisher | M E Sharpe Inc | |
dc.title | Strategic Information Security Risk Management | |
dc.type | Book Chapter | |
dcterms.source.title | Information Security: Policy, Processes, and Practices | |
dcterms.source.isbn | 9780765617187 | |
dcterms.source.place | NA | |
dcterms.source.chapter | 11 | |
curtin.department | School of Information Systems | |
curtin.accessStatus | Fulltext not available |