Issue No. 03 - May/June (2009 vol. 7)
ISSN: 1540-7993
pp: 45-52
M. Eric Johnson, Dartmouth College
Shari Lawrence Pfleeger, RAND Corporation
Eric Goetz, Dartmouth College
ABSTRACT
Although security professionals have long talked about risk, moving an organization from a "security" mindset to one that thoughtfully considers information risk is a challenge. Managing information risk means building risk analysis into every business decision. The authors explore how chief information security officers (CISOs) of large firms are working to move the conversation from security toward information risk. CISOs face many organizational challenges, but they widely agree that action plans must include risk categorization, communication, and measurement.
INDEX TERMS
information risk, security, CISO, organizational, chief information security officer
CITATION
M. Eric Johnson, Shari Lawrence Pfleeger, Eric Goetz, "Security through Information Risk Management", IEEE Security & Privacy, vol. 7, no. 3, pp. 45-52, May/June 2009, doi:10.1109/MSP.2009.77