Back to Search Start Over

Measuring Risk: Computer Security Metrics, Automation, and Learning.

Authors :
Slayton, Rebecca
Source :
IEEE Annals of the History of Computing. Apr2015, Vol. 37 Issue 2, p32-45. 14p.
Publication Year :
2015

Abstract

Risk management is widely seen as the basis for cybersecurity in contemporary organizations, but practitioners continue to dispute its value. This article analyzes debate over computer security risk management in the 1970s and 1980s United States, using this debate to enhance our understanding of the value of computer security metrics more generally. Regulators placed a high value on risk analysis and measurement because of their association with objectivity, control, and efficiency. However, practitioners disputed the value of risk analysis, questioning the final measurement of risk. The author argues that computer security risk management was most valuable not because it provided an accurate measure of risk, but because the process of accounting for risks could contribute to organizational learning. Unfortunately, however, organizations were sorely tempted to go through the motions of risk management without engaging in the more difficult process of learning. [ABSTRACT FROM PUBLISHER]

Details

Language :
English
ISSN :
10586180
Volume :
37
Issue :
2
Database :
Academic Search Index
Journal :
IEEE Annals of the History of Computing
Publication Type :
Academic Journal
Accession number :
103120446
Full Text :
https://doi.org/10.1109/MAHC.2015.30