Information security is information risk management

Bob Blakley, Ellen McDermott, Dan Geer
2001 Proceedings of the 2001 workshop on New security paradigms - NSPW '01  
Information security is important in proportion to an organization's dependence on information technology. When an organization's information is exposed to risk, the use of information security technology is obviously appropriate. Current information security technology, however, deals with only a small fraction of the problem of information risk. In fact, the evidence increasingly suggests that information security technology does not reduce information risk very effectively. This paper argues that we must reconsider our approach to information security from the ground up if we are to deal effectively with the problem of information risk, and proposes a new model inspired by the history of medicine.
doi:10.1145/508185.508187 fatcat:ocxjjrrvnndpveeuejwdtxndye