Challenges to sustainable risk management: Case example in information network security

Journal Article

This article contributes to more sustainable management of risk by describing frameworks for (1) valuation of avoided risks and (2) improving outsourced information security services. These contributions address the absence of a structure for rewarding successful risk management, the need for an ever-more accurate economic measure of risk, and the difficulty of transferring risks to contract-bound outsourcing entities. The manager can use these concepts to make more informed decisions in allocating resources to risk management activities. Challenges and lessons from two case studies are presented: (1) application of risk-based ROI at Lawrence Berkeley National Laboratory, and (2) information assurance outsourcing at the Navy Marine Corps Intranet. © 2006 by the American Society for Engineering Management.

Duke Authors

Cited Authors

  • Pinto, CA; Arora, A; Hall, D; Schmitz, E

Published Date

  • March 1, 2006

Published In

Volume / Issue

  • 18 / 1

Start / End Page

  • 17 - 23

International Standard Serial Number (ISSN)

  • 1042-9247

Digital Object Identifier (DOI)

  • 10.1080/10429247.2006.11431680

Citation Source

  • Scopus