This Article 
 Bibliographic References 
 Add to: 
Addressing Information Risk in Turbulent Times
January/February 2011 (vol. 9 no. 1)
pp. 49-57
M. Eric Johnson, Dartmouth College
Shari Pfleeger, Dartmouth College
Turbulent times exacerbate many existing information risks and create new security management challenges. Discussions and interviews with chief information security officers from a broad range of large firms about how they addressed the challenges of the economic downturn provide both actionable ideas and clues for future research.

1. P. Sandman, "Understanding the Risk: What Frightens Rarely Kills," Neiman Reports, Nieman Foundation for Journalism at Harvard Univ., Spring 2007; .
2. E. Nakashima and D. Wilgoren, "Obama Names Howard Schmidt as Cybersecurity Coordinator," Washington Post, 22 Dec. 2009, p. A1.
3. B. Brenner, "Providence Health CSO on Recovering from HIPAA Violations," CSO Online, 11 Aug. 2008; .
4. E. Nakashima and B. Krebs, "As Attacks Increase, U.S. Struggles to Recruit Computer Security Experts," Washington Post, 23 Dec. 2009, p. A1.
5. J. Riegelsberger, M.A. Sasse, and J. McCarthy, "The Mechanics of Trust: A Framework for Research and Design," Int'l J. Human-Computer Studies, vol. 62, 2005, pp. 381–422.
6. D.J. Simons and M.S. Jensen, "The Effects of Individual Differences and Task Difficulty on Inattentional Blindness," Psychonomic Bull. and Rev., vol. 16, no. 2, 2009, pp. 398–403.
7. D.J. Simons and C.F. Chabris, "Gorillas in Our Midst: Sustained Inattention Blindness for Dynamic Events," Perception, vol. 28, 1999, pp. 1059–1074.
8. M. Shermer, "None So Blind," Scientific Am., Mar. 2004, p. 42.
9. S.L. Pfleeger et al., "Insiders Behaving Badly: Addressing Bad Actors and Their Actions," IEEE Trans. Information Forensics and Security, vol. 5, no. 2, 2010, pp. 169–179.
10. "Thousands of Counterfeit Handbags, Shoes Seized," CBS News, 19 Aug. 2008; .
11. "Compromised US and Chinese Computers Launch Greatest Number of Cyber Attacks, According to SecureWorks' Data," SecureWorks press release, 22 Sept. 2008; 20080922-attacks.
12. M. Moore, "China's Global Cyber-Espionage Network GhostNet Penetrates 103 Countries," The Telegraph, 29 Mar. 2009, p. 1.
13. S.L. Pfleeger and R.K. Cunningham, "Why Measuring Security Is Hard," IEEE Security & Privacy, vol. 8, no. 4, 2010, pp. 46–54.
1. J. Predd et al., "Insiders Behaving Badly," IEEE Security & Privacy, vol. 6, no. 4, 2008, pp. 66–70.
2. J. Riegelsberger, M.A. Sasse, and J.D. McCarthy, "The Mechanics of Trust: A Framework for Research and Design," Int'l J. Human-Computer Studies, vol. 62, 2005, pp. 381–422.
3. J.S. Lerner and L.Z. Tiedens, "Portrait of the Angry Decision Maker: How Appraisal Tendencies Shape Anger's Influence on Cognition," J. Behavioral Decision Making, vol. 19, no. 2, Apr. 2006, pp. 115–137.
4. G. Klein and E. Salas eds., , Linking Expertise and Naturalistic Decision Making, Erlbaum, 2001.
5. E. Tenner, Why Things Bite Back: Technology and the Revenge of Unintended Consequences, Vintage Press, 1991.
1. K. Crowther, Y.Y. Haimes, and M.E. Johnson, "Principles for Better Information Security through More Accurate, Transparent Risk Scoring," J. Homeland Security and Emergency Management, vol. 7, no. 1, 2010, pp. 1–18.

Index Terms:
risk-assessment rating, information security, offshoring, economic downturn, CISO, human behavior
M. Eric Johnson, Shari Pfleeger, "Addressing Information Risk in Turbulent Times," IEEE Security & Privacy, vol. 9, no. 1, pp. 49-57, Jan.-Feb. 2011, doi:10.1109/MSP.2010.116
Usage of this product signifies your acceptance of the Terms of Use.