Internet Archive Scholar

Information security is information risk management

Bob Blakley, Ellen McDermott, Dan Geer
2001 Proceedings of the 2001 workshop on New security paradigms - NSPW '01  

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (756.5 kB)
https://web.archive.org/web/20170808140607/http://www.nspw.org/papers/2001/nspw2001-blakley.pdf?origin=publication_detail

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2017; you can also visit the original URL. The file type is application/pdf.

Information security is important in proportion to an organization's dependence on information technology. When an organization's information is exposed to risk, the use of information security technology is obviously appropriate. Current information security technology, however, deals with only a small fraction of the problem of information risk. In fact, the evidence increasingly suggests that information security technology does not reduce information risk very effectively.This paper argues
more » ... hat we must reconsider our approach to information security from the ground up if we are to deal effectively with the problem of information risk, and proposes a new model inspired by the history of medicine.
doi:10.1145/508171.508187 dblp:conf/nspw/BlakleyMG01 fatcat:n3c7iy5uyffj7in7m4o2lwe5dq
Citation

Bob Blakley, Ellen McDermott, Dan Geer. "Information security is information risk management." Proceedings of the 2001 workshop on New security paradigms - NSPW '01 (2001) 97-104