Printed from https://ideas.repec.org/a/bpj/johsem/v7y2010i1p20n15.html

Principles for Better Information Security through More Accurate, Transparent Risk Scoring

Author

Listed:
  • Crowther Kenneth G (University of Virginia)
  • Haimes Yacov Y. (University of Virginia)
  • Johnson M. Eric (Dartmouth, Tuck School of Business)

Abstract

This paper explores approaches for scoring information security risk that could lead to investment drivers and drive appropriate levels of security. Our approach is grounded on two important factors that determine cyber risk: (1) the information security resources (e.g., technologies, skills, and policies) that reduce the likelihood and consequences of successful information exploits; and (2) the security processes and capabilities that drive a continuous improvement of the security resources in use. The quality of a cyber defense system is the result of the integration of these two factors. This manuscript proposes such a two-factor hierarchical system of scoring, details candidate measures, and explores economic conditions for selecting appropriate measures. We review several scoring systems available that contain elements from this proposed system and discuss conditions for market adoption of information security scoring.

Suggested Citation

  • Crowther Kenneth G & Haimes Yacov Y. & Johnson M. Eric, 2010. "Principles for Better Information Security through More Accurate, Transparent Risk Scoring," Journal of Homeland Security and Emergency Management, De Gruyter, vol. 7(1), pages 1-20, May.
  • Handle: RePEc:bpj:johsem:v:7:y:2010:i:1:p:20:n:15
    DOI: 10.2202/1547-7355.1658

    Download full text from publisher

    File URL: https://doi.org/10.2202/1547-7355.1658
    Download Restriction: For access to full text, subscription to the journal or payment for the individual article is required.

