As network speeds and complexities increase, the development of automated systems that enact optimal tactical responses will be required. INFOSEC (information security) alert correlation systems provide a natural home for such capabilities. It can be asked whether the current generation of these systems has the technical capabilities required to enact optimal tactical responses. Specifically, i...

background for the purpose of understanding the food and drug administration’s (fda’s) concerns regarding online promotion of prescription drugs advertised directly to consumers, this study examines notices of violations (novs) and warning letters issued by the fda to pharmaceutical manufacturers.   methods the fda’s warning letters and novs, which were issued to pharmaceutical companies over a...

IT security issues and outsourcing of business processes are common but largely disjoint themes in the literature; common consideration is rare even though information security risk becomes a shared risk both through IS-based processes at outsourcing partners and potentially tightly-integrated IS systems. This paper explores this lack of an integrated model combining IT risk management view wit...

Increasing numbers of security incidents such as malware or hacker attacks prompt companies to spend billions of dollars on protecting their information systems. In this context IT risk management (ITRM) has become an important organizational function to control internal and external risks associated with IT. Much effort has been put on mitigating IT risks by means of physical, procedural, and ...

Ting and Comings [1] described how to use the Information Assurance (IA) Object Measurement (OM®) metric as a tool to measure the monitoring step (Step 6) described in the United States (U.S.) National Institute of Standards and Technology’s (NIST) Risk Management Framework (RMF)1 [2]. This chapter expands the applicability of the IA OM® metric and shows how it may be used as an enterprise-wide...

Risk management and knowledge management have so far been studied almost independently. The evolution of risk management to the holistic view of Enterprise Risk Management requires the destruction of barriers between organizational silos and the exchange and application of knowledge from different risk management areas. However, knowledge management has received little or no attention in risk m...

The theme of this paper is the occurrence of risks within information technology and information systems investments. A taxonomy of the published classification frameworks of IT related risk is presented and a new comprehensive classification framework for IT investments (the TOPModel) is presented within the TRIP model of the risk factors and critical factors affecting IT investments. Risk man...

This study develops an alternative methodology for the risk analysis of information systems security (ISS), an evidential reasoning approach under the Dempster-Shafer theory of belief functions. The approach has the following important dimensions. First, the evidential reasoning approach provides a rigorous, structured manner to incorporate relevant ISS risk factors, related counter measures an...