ABSTRACT
Information security is important in proportion to an organization's dependence on information technology. When an organization's information is exposed to risk, the use of information security technology is obviously appropriate. Current information security technology, however, deals with only a small fraction of the problem of information risk. In fact, the evidence increasingly suggests that information security technology does not reduce information risk very effectively. This paper argues that we must reconsider our approach to information security from the ground up if we are to deal effectively with the problem of information risk, and proposes a new model inspired by the history of medicine.