Information security: Why the future belongs to the quants

Cited by: 40
Authors
Geer Jr., Daniel
Hoo, Kevin Soo
Jaquith, Andrew
Affiliations
[1] Harvard University’s School of Public Health, Massachusetts Institute of Technology
[2] Stanford University, Department of Management Science and Engineering
DOI
10.1109/MSECP.2003.1219053
Abstract
The need for a risk-management approach to information security, grounded in dependable and quantifiable metrics, is described. The key realizations pushing companies away from fear, uncertainty and doubt (FUD) and toward risk management are information-asset fragility, provable security, cost justification and accountability. When data are scarce, the standard approach is to borrow models from other fields and supplement the available data with expert opinion. The Hoover Project also aims to profile security by analyzing 45 e-business applications.
Pages: 24 / 32
Page count: 8