Issue No.01 - January/February (2012 vol.10)
James A. Pettigrew III , National Geospatial-Intelligence Agency
Julie J.C.H. Ryan , George Washington University
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2011.128
How do IT security managers make decisions in the absence of empirical data, and how do they know these decisions are successful? Some security managers seem more successful at making decisions than others. Are they guessing, or are they using some tacit knowledge? To address these questions, a study employed open-ended interviews with highly regarded, experienced security practitioners.
information security management, security decision-making, qualitative research, computer security
James A. Pettigrew III, Julie J.C.H. Ryan, "Making Successful Security Decisions: A Qualitative Evaluation", IEEE Security & Privacy, vol.10, no. 1, pp. 60-68, January/February 2012, doi:10.1109/MSP.2011.128