Issue No. 01 - January/February (2012 vol. 10)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2011.128
James A. Pettigrew III , National Geospatial-Intelligence Agency
Julie J.C.H. Ryan , George Washington University
How do IT security managers make decisions in the absence of empirical data, and how do they know these decisions are successful? Some security managers seem more successful at making decisions than others. Are they guessing, or are they using some tacit knowledge? To address these questions, a study employed open-ended interviews with highly regarded, experienced security practitioners.
information security management, security decision-making, qualitative research, computer security
J. J. Ryan and J. A. Pettigrew III, "Making Successful Security Decisions: A Qualitative Evaluation," in IEEE Security & Privacy, vol. 10, no. , pp. 60-68, 2012.