03_Blakley2001infosec


  • 7/28/2019 03_Blakley2001infosec


Information Security is Information Risk Management

Bob Blakley, Tivoli Systems, Inc., blakley@us.ibm.com
Ellen McDermott, J.P. Morgan Chase
Dan Geer, @Stake

ABSTRACT
Information security is important in proportion to an organization's dependence on information technology. When an organization's information is exposed to risk, the use of information security technology is obviously appropriate. Current information security technology, however, deals with only a small fraction of the problem of information risk. In fact, the evidence increasingly suggests that information security technology does not reduce information risk very effectively. This paper argues that we must reconsider our approach to information security from the ground up if we are to deal effectively with the problem of information risk, and proposes a new model inspired by the history of medicine.

1. INFORMATION RISK
Information security is required because the technology applied to information creates risks. Broadly, information might be improperly disclosed (that is, its confidentiality could be compromised), modified in an inappropriate way (that is, its integrity could be compromised), or destroyed or lost (that is, its availability could be compromised). Compromise of a valuable information asset will cause dollar losses to the information's owner whether acknowledged or not; the loss could be either direct (through reduction in the value of the information asset itself) or indirect (through service interruption, damage to the reputation of the information's owner, loss of competitive advantage, legal liability, or other mechanisms).

1.1 What is Risk?
In business terms, a risk is the possibility of an event which would reduce the value of the business were it to occur. Such an event is called an "adverse event." Every risk has a cost, and that cost can be (more or less precisely) quantified. The cost of a particular risk during a particular period of time is the probability of an adverse event occurring during the time period multiplied by the downside consequence of the adverse event. The probability of an event occurring is a number between zero and one, with zero representing an event which will definitely not occur and one representing an event which definitely will occur. The consequence of an event is the dollar amount of the reduction in business value which the event will cause if it occurs [Har].

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. NSPW'01, September 10-13th, 2002, Cloudcroft, New Mexico, USA. Copyright 2002 ACM 1-58113-457-6/01/0009...$5.00.

1.2 Measuring Risk
A common measure of the cost of risk is "Annualized Loss Expectation," or ALE. ALE is the expected cumulative cost of risk over a period of one year as estimated in advance. For example, a chemical company estimates the probability of an explosion at one of its plants during the year 2001 as one in a million. If an explosion occurs, it will cost the company 150 million dollars in direct and indirect expenses (for example, repair costs, legal costs, or lost business). The ALE created by the risk of a plant explosion for the year 2001 is simply:

ALE = $150,000,000 x (1/1,000,000) = $150

It's important to understand that the actual cost of this risk will never be that of the ALE, i.e., it will never be $150 during a particular year - it will be either $0 or $150 million. In less certain situations, the probability or the cost may be ranges rather than point estimates. If the probability of the explosion is between one in five hundred thousand and one in a million while the cost varies between 100 million and 200 million, the ALE would be:

ALE = ($100M - $200M) x (1/500,000 - 1/1,000,000) = $100 - $400

It may be possible to estimate the probability distribution of expected loss within the range (so for example, the ALE for the example above might be uniformly distributed between $100 and $400). ALEs can also be figured based on inequalities, as is doubtless obvious.

2. MANAGING RISK
Businesses routinely manage risk as part of their day-to-day operations. Risks can be managed using a variety of mechanisms, including liability transfer, indemnification, mitigation, and retention.

2.1 Liability Transfer
A business can transfer liability for an adverse event to another party. This takes the risk off the business's books. Liability can be transferred in two ways: by disclaimer and by agreement. A business disclaims liability when it undertakes an activity with the explicit understanding that it will not be held responsible for the consequences of certain adverse events, but without specifying who will be responsible for those consequences. A business transfers liability by entering into an agreement; to do this the business engages in an activity with a counter-party after they both agree that the counter-party will be responsible for the consequences of certain adverse events.


2.2 Indemnification
A business can indemnify itself against the consequences of an adverse event. There are two major types of indemnification: pooling and hedging.

In pooling schemes, several businesses share the cost of certain risks. If adverse events are unlikely to happen simultaneously to a meaningful fraction of the businesses in the pool, pooling will decrease the cost of risk to each organization in the pool while increasing the predictability of the cost of risk for each business in the pool. Insurance policies are the most common type of risk-pooling scheme.

In hedging schemes, a single business essentially places a bet that an adverse event will happen to it. If the event is improbable, other organizations or individuals are likely to take the bet, because the probability is high that they will win the bet. If the adverse event does not happen, the business will pay off the bet. If the adverse event does happen, the bettors will have to pay the business. In this case, the business uses the money it collects from winning the bet to defray the costs of the adverse event. The key to a successful hedging scheme is getting the odds right on the bet. Being better than others at estimating the true odds of an adverse event can enable a business or an individual to make money on hedging schemes in the same way as casinos make money on card games. Options are the best-known example of a risk-hedging scheme.

2.3 Mitigation
A business can try to reduce the expected cost of a risk, either by reducing the probability of the adverse event occurring, or by reducing its consequences. The probability of an adverse event can be reduced by redesigning systems or processes to eliminate the event's known or suspected causes. In the extreme case, the probability of an event can be reduced to zero by entirely avoiding the activity which creates the risk. In business terms this might mean foregoing an opportunity which has potential rewards but also carries substantial risk. The consequences of an adverse event can be reduced by taking steps to limit the damage the event causes. These steps either prevent the damage caused by the adverse event from spreading, or they shorten the time during which the event causes damage by accelerating detection and recovery. Building codes that anticipate earthquakes do nothing to prevent earthquakes but they do lessen the damage that would otherwise be inevitable and uncontrolled.

2.4 Retention
If an adverse event is not very costly or not very likely to occur, or if the benefits to be realized from taking a risk are great, a business may choose to retain the risk which the adverse event creates. If the business chooses to set aside funds to offset the cost of retained risks, it is said to self-insure against these risks. Cyclical industries often approach inherent sector risk in this way, storing up funds in fat years against the lean.

A business which retains risks without setting aside funds to offset their costs is said to accept retained risk. Many large companies do this with respect to the travel risks their employees incur, for example when they rent automobiles.
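As an added worked example (not code from the paper), the ALE arithmetic of section 1.2 and the mitigation-versus-retention choice of sections 2.3 and 2.4, in Python. The chemical-plant figures are the paper's; the countermeasure factors, annual costs and the decision rule that compares a measure's cost with the ALE it removes are constructed for illustration.

```python
"""ALE with point or range estimates, plus a mitigate-or-retain comparison.

Added example, not from the paper. Exact fractions are used so that the
one-in-a-million probabilities of the paper's example come out exactly.
"""
from dataclasses import dataclass
from fractions import Fraction
from typing import Tuple, Union

Number = Union[int, str, Fraction]
Interval = Tuple[Fraction, Fraction]  # (low, high), inclusive


def interval(lo: Number, hi: Number) -> Interval:
    """Exact ordered interval from two values; strings such as "1/1000000" stay exact."""
    lo, hi = Fraction(lo), Fraction(hi)
    return (min(lo, hi), max(lo, hi))


@dataclass(frozen=True)
class Risk:
    """An adverse event: probability of occurring during the period and the
    dollar consequence if it does. Point estimates are degenerate intervals."""
    name: str
    probability: Interval
    consequence: Interval

    def __post_init__(self) -> None:
        p_lo, p_hi = self.probability
        if not 0 <= p_lo <= p_hi <= 1:
            raise ValueError(f"{self.name}: probability bounds must lie in [0, 1]")
        if self.consequence[0] < 0:
            raise ValueError(f"{self.name}: consequence cannot be negative")

    def ale(self) -> Interval:
        """ALE = probability x consequence. With ranges, the low ALE is the product
        of the low bounds and the high ALE the product of the high bounds, because
        every term is non-negative."""
        return (self.probability[0] * self.consequence[0],
                self.probability[1] * self.consequence[1])


def mitigated(risk: Risk, prob_factor: Number, cons_factor: Number) -> Risk:
    """Residual risk after a countermeasure that multiplies the probability by
    prob_factor (e.g. a redesign that removes a cause) and the consequence by
    cons_factor (e.g. containment or faster recovery). Factors lie in [0, 1];
    a probability factor of 0 models avoiding the activity altogether."""
    pf, cf = Fraction(prob_factor), Fraction(cons_factor)
    if not (0 <= pf <= 1 and 0 <= cf <= 1):
        raise ValueError("mitigation factors must lie in [0, 1]")
    return Risk(f"{risk.name} (mitigated)",
                (risk.probability[0] * pf, risk.probability[1] * pf),
                (risk.consequence[0] * cf, risk.consequence[1] * cf))


def ale_reduction(risk: Risk, prob_factor: Number, cons_factor: Number) -> Interval:
    """Expected annual loss avoided by the countermeasure. The same factors scale
    both bounds, so the reduction is the original ALE times (1 - pf * cf); naive
    interval subtraction of residual from original would overstate the spread."""
    keep = Fraction(prob_factor) * Fraction(cons_factor)
    lo, hi = risk.ale()
    return (lo * (1 - keep), hi * (1 - keep))


def decide(risk: Risk, prob_factor: Number, cons_factor: Number, annual_cost: Number) -> str:
    """Constructed decision rule: 'mitigate' if the measure pays for itself even at
    the low ALE bound, 'retain' if it costs more than it can save even at the high
    bound (self-insure or accept the risk), otherwise 'uncertain'."""
    lo, hi = ale_reduction(risk, prob_factor, cons_factor)
    cost = Fraction(annual_cost)
    if lo >= cost:
        return "mitigate"
    if hi < cost:
        return "retain"
    return "uncertain"


# The paper's chemical-plant example: a one-in-a-million chance of an explosion
# costing $150 million, and the range version (1/500,000 to 1/1,000,000;
# $100 million to $200 million).
PLANT = Risk("plant explosion", interval("1/1000000", "1/1000000"),
             interval(150_000_000, 150_000_000))
PLANT_RANGE = Risk("plant explosion (range)", interval("1/1000000", "1/500000"),
                   interval(100_000_000, 200_000_000))


def dollars(iv: Interval) -> str:
    """Render an ALE interval for display."""
    lo, hi = iv
    return f"${float(lo):,.2f}" if lo == hi else f"${float(lo):,.2f} to ${float(hi):,.2f}"


if __name__ == "__main__":
    print("ALE (point):", dollars(PLANT.ale()))        # $150.00
    print("ALE (range):", dollars(PLANT_RANGE.ale()))  # $100.00 to $400.00
    # Constructed countermeasure: halves the explosion probability for a yearly fee.
    print("halve probability for $50/yr:", decide(PLANT, "1/2", 1, 50))            # mitigate
    print("same measure at $120/yr, range case:", decide(PLANT_RANGE, "1/2", 1, 120))  # uncertain
    print("same measure at $500/yr, range case:", decide(PLANT_RANGE, "1/2", 1, 500))  # retain
```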

3. INFORMATION SECURITY
Up to this point we have used examples unrelated to information risk to illustrate risk management. Failures of information security are clearly adverse events which cause losses to business; therefore, information security is a risk management discipline, whose job is to manage the cost of information risk to the business.

3.1 What is Information Security?
Where information risk is well enough understood and at least in broad terms stable, information security starts with policies. These policies describe "who should be allowed to do what" to sensitive information. Once an information security policy has been defined, the next task is to enforce the policy. To do this, the business deploys a mix of processes and technical mechanisms. These processes and mechanisms fall into four categories:

- Protection measures (both processes and technical mechanisms) aim to prevent adverse events from occurring.
- Detection measures alert the business when adverse events occur.
- Response measures deal with the consequences of adverse events and return the business to a safe condition after the event has been dealt with.
- Assurance measures validate the effectiveness and proper operation of protection, detection, and response measures.

The final information security task is an audit to determine the effectiveness of the measures taken to protect information against risk. We say "final" but, obviously, the job of information risk management is never done. The policy definition, protection, and audit tasks are performed over and over again, and the lessons learned each time through the cycle are applied during the next cycle.

3.2 What's wrong with information security
It's increasingly evident that information security as defined above simply isn't doing the job. Every day, newspapers and trade journals carry stories of the latest virus, denial-of-service attack, website defacement, or bug in an important security product. The public is getting the message even if the only sensible reaction is dread. Why is information security failing? We posit two reasons: information security focuses on only a small part of the problem of information risk, and it doesn't do a very good job of protecting businesses against even that small part.

3.2.1 Focus
Information security technology focuses primarily on risk mitigation. Information security risk analysis processes are geared toward imagining and then confirming technical vulnerabilities in information systems, so that steps can be taken to mitigate the risks those vulnerabilities create. In some cases management will be asked to sign a risk acceptance


(that is, to retain a risk) after a risk analysis. A risk acceptance will typically include either a plan for future mitigation or a justification of the economic rationale for choosing not to mitigate.

Information security as a discipline is often biased toward technological mechanisms rather than process mechanisms, in favor of logical (that is, computer hardware and software) mechanisms, and against physical mechanisms (such as locks, walls, cameras, etc.).

Even within the category of risk minimization activities, information security focuses more on reducing the probability of an adverse event than on reducing its consequences. And where consequence reduction is implemented, it tends to focus much more strongly on quick recovery (for example, by using aggressive auditing to identify the last known good state of the system) than on minimizing the magnitude of a loss through measures to prevent damage from spreading.

Information security activities rarely include any discussion of indemnity or liability transfer, although some organizations do address these issues in an "operational risk" organization separate from the information security organization.

The following chart organizes information security products and processes according to the risk management activities they implement. The chart clearly illustrates the problem.

Table 1. [Chart of information security products and processes by the risk management activity they implement; the table body is not legible in this scan.]

3.2.2 Effectiveness
The annual FBI/CSI computer crime surveys and the CERT coordination center annual summaries [CERT] have shown substantial increases in the number of security incidents and in the dollar losses resulting from incidents in each of the past five years. The year 2000 FBI/CSI survey [CSI] nevertheless reports that use of information security technologies is very widespread - close to 100% of companies responding to the FBI/CSI survey use antivirus, firewall, and access control technologies. The combination of nearly universal deployment of security technology with rapidly and steadily rising losses strongly suggests that security technologies (and processes, although these are not covered in the FBI/CSI survey) do not prevent losses - in other words, they don't work [...].

Further, as Arbaugh, Fithen, and McHugh have shown [AFM], identification of a vulnerability and its exploitation are both separated in time. Furthermore, risks arising from a vulnerability are often multiplied both by scripting of the attack and by the haphazard deployment of patches even when they are easily available.

4. QUANTIFICATION OF INFORMATION SECURITY RISK
Risk analysis has been recognized as an important information security discipline for a long time. Information security risk analysis methodologies were developed long ago, and some of these methodologies have been included in formal information security standards. The large majority of these standards have been qualitative - that is, their assessment of probability and consequence of risks is based on a "low/medium/high" characterization rather than on a specific probability and a specific dollar amount of loss. Qualitative information security risk management standards include the US Federal standards [FIPS 31] and [FIPS 191]. Recent guidelines which recommend qualitative risk analysis techniques include [GAO] and the newly issued draft [NIST RMG].

Quantitative information security risk management standards have been developed, including the now withdrawn [FIPS 65]. The authors are not aware of any current information security standard which mandates the use of a quantitative risk analysis method, though the Australian national standard for risk analysis [AS] permits the use of either qualitative or quantitative analysis. Methodologies for quantitative and mixed quantitative/qualitative information security risk analysis have been published; see for example [Pelt].

Quantitative risk analysis is used extensively in disciplines other than information security, including finance, health care, and safety (see [KBPS] for a number of examples). There is a large body of literature on methods for quantitative risk analysis in these fields; sources include [Koll] and [Vose].

Good data is a prerequisite to quantitative risk analysis, and the lack of good data may be the main reason quantitative analysis of information security risk is not usually performed. [GAO] explicitly acknowledges this: "Reliably assessing information security risks can be more difficult than assessing other types of risks, because the data on the likelihood and costs associated with information security risk factors are often more limited and because risk factors are constantly changing."

Insurers seem to agree that data is lacking. The National Underwriter Company's guide to risk in the wired world [ERisk] warns: "The lack of historical data presents one of the most difficult challenges when trying to analyze online exposures... the insurance industry typically depends on large bodies of actuarial data collected over long periods of time to develop pricing models for insurable exposures. But in the Wired World exposures are so new and are growing so rapidly in terms of frequency and severity that this is not an easy task."

Despite the lack of actuarial data, many insurers (including AIG, Lloyd's, Chubb, Zurich, and others; a partial list can be found in [ECov]) are offering policies which cover losses due to failures of information security. But the actuarial basis for these policies is unclear, as the National Underwriter Company [ECov] explains: "The insurance industry has worked closely


with actuaries and financial analysts to map out the [...]ons for the probabilities of loss, the probable costs [...] scenarios of loss, and for rates and rating structures [...] acceptable risks. After years, decades, and even centuries of [...], calculations for various probabilities have been [...]. These tables and charts typically deal in a world [where] the events that tend to cause the damages have been identified previously and provide a basis for which the future [can] be predicted. The new economy has disrupted this [...]um. New risks are emerging, and the insurance [industry] has had only a brief period of time to scratch the [...] for potential liabilities. So far there have been relatively few claims that have materially affected the technology industry. It is too early to establish actuarial [...] to quantify technology risks... Because the actuaries [...] the data needed to predict losses, the financial [analysts] are hampered in predicting the financial viability of [...]"

The finance industry certainly sees a lack of information [...] data. The revised Basel accord [Basel], which [...] amount of capital that banks must set aside as a hedge against risk, requires for the first time that banks set aside capital to offset operational risk (which includes information security risks). Banks which can demonstrate, starting in January 2005 and based on 3 years of auditable data, that their risk exposure is lower than the Basel accord's [...] their capital set-aside from the very [...] amount required by the accord as a baseline. A [...] number of financial institutions have commented [...] on the revised accord. The American Bankers' Association wrote "...only a few institutions appear to be modeling operational risk, and modeling is very [...] development... whether attempting to model [...] risks or not, most banks have not captured the data [...] operational risk, even at a theoretical [...]". Bank of America wrote "We do not believe that [...] measurable using methods and data that are available at this time... Only a handful of banks have implemented quantitative approaches for measuring [...] and the models are largely untested." The [Richm]ond Federal Reserve wrote: "We are concerned about the lack of data on operational risk, and acknowledge that banks [...] to publicize details of losses from such problems as deficiencies in internal controls, human error, or system failure."

In order to quantify information security risk, and the effectiveness of information security risk control measures, the following information needs to be collected. Some is already in good supply, some is not. There will be temptations

to extrapolate from available data to less-available data, and to apply risk-measurement methods which are already understood outside of their appropriate domains of use; the authors caution that these temptations should be avoided.

4.1 Vulnerabilities
A comprehensive list of information security vulnerabilities needs to be developed. For each vulnerability, information needs to be gathered and regularly updated about the ease and frequency of exploitation, and ease and speed of recovery from exploitation. This information must be collected and made available in a way that demonstrably minimizes the probability of exploitation in an economically harmful way.

4.2 Incidents
Information needs to be gathered about security incidents experienced by businesses worldwide. This information must include what vulnerabilities were exploited and how response and recovery were handled. Incidents that are traceable to vulnerabilities already known are one thing and will be a matter of discussion between insurers and victims if in no other situation. Incidents that highlight previously unknown vulnerabilities must be fed back to that catalog. This information needs to be collected and made available in a way which does not create additional liabilities for the reporting organizations (and hence incentives to avoid reporting).

4.3 Losses
For each incident identified, information needs to be collected about direct monetary losses caused by the incident and about indirect losses (for example, reputation damage or lost business) with an estimate of the monetary losses resulting from these indirect losses.
The calculation of losses needs to be done using a uniform methodology, and the information needs to be collected and made available in a way which does not create additional liabilities for the reporting organizations.

The National Underwriter Company [ECov], recognizing the lack of this kind of actuarial information about information security-related losses, has solicited the aid of the technology staff of the insurance industry itself in fixing the problem: "Even though insurance IT staffers can revert to the same techie talk that technology clients use, they are often required to explain technological advancements and enhancements to upper management of the insurance company, especially when discussing IT expenditures. If they can do that, why can't they be used to help underwriters develop assessment and underwriting tools and train claims professionals in the intricacies of IT losses."

We ask a similar question: if the IT security industry can design countermeasures and counsel clients on how to defend their systems, why can't we help underwriters develop assessment and underwriting tools and train claims professionals in the intricacies of IT losses? Do we have something more important to do?

4.4 Countermeasure Effectiveness
A comprehensive list of available security measures needs to be developed, together with information about the cost of acquiring, managing, and maintaining each security measure. For each incident identified, information needs to be collected about which security measures were in use at the time of the incident, which security measures were bypassed, which security measures were defeated, and how much time and effort were required to circumvent or defeat the security measures in place. Some mechanism must be put in place to combat the obvious temptations to distort pre- and post-event readiness and protection postures and event details in order to obscure or conceal the occurrence of events, to embellish war stories, or to avoid personal or corporate accountability.

5. WHAT DOES THE CURRENT

SITUATION LOOK LIKE?
We have described a world in which we have very little information about frequency of occurrence of adverse events and about the seriousness of their consequences. We


know very little about the effectiveness of the measures we take to prevent adverse events or alleviate their consequences. The people to whom these events happen have few incentives to report them; conversely, they have many incentives to suppress information about them. Finally, the system we are attempting to protect (roughly composed of the global Internet and everything attached to it) is far too complex to be understood in detail.

This situation looks to the authors very much like the state of medical practice in the 19th century (for a good general treatment of the development of scientific medicine, see [Por], which includes an extensive bibliography). Medical practitioners had a poor understanding of the prevalence, causes, and likely outcomes of illness (the 1899 first edition of the Merck Manual [Mer1] contains no information about causes, symptoms, or mortality rates of the conditions it describes; it consists entirely of lists of preparations which could be administered for each condition, with no advice on how to choose among the many options), and of the safety and effectiveness of treatments (the 1900 edition of the Old Farmer's Almanac includes an advertisement for Wistar's Balsam of Wild Cherry, which claims that "It is the most reliable preparation in the world for the cure of Coughs, Influenza, Bronchitis, Whooping Cough, and all Throat and Lung Troubles, and in many well attested cases, Consumption [i.e. Tuberculosis] has yielded to its wonderful influence" [OFA]). The public feared medical treatment (for good reasons, despite frequent outbreaks of serious diseases), and widely considered medicine to be ineffective. And of course, the human organism was too complex to really understand.

The world of medicine today is very different - even though the human organism is still too complex to understand. Today, drug advertising is heavily regulated, and advertisements are required to provide extensive information on side effects, effectiveness as measured in clinical studies, contraindications, interactions with other medications, considerations for use in children and pregnant women, and so on.

The 2000 Centennial Edition of the Merck Manual [Mer17] lists, for each condition it describes, the cause or causes, etiology and pathology information, related or similar conditions together with methods for distinguishing between them, symptoms, signs, and methods of diagnosis, laboratory tests and findings, and prognosis and treatment regimens. Much of this information is based on quantitative studies of outcomes.

The 2002 edition of the Prentice-Hall Health Professional's Drug Guide [HPDG] includes, for each listed medication, information on action and pharmacodynamics, uses (including unlabelled uses), pregnancy risk category, routes of administration and dosages, pharmacokinetics, contrain
d i c a t i o n s a n d p r e c a u t i o n s , a d v e r s e r e a c t i o n s a n d s i d ee f f e c t s , i n t e r a c t i o n s w i t h d r u g s a n d m e d i c i n a l h e r b s ,a s s e s s m e n t o f p a t i e n t s d u r i n g t h e c o u r s e o f th e r a p y , a n dp a t i e n t a n d f a m i l y e d u c at i o n . A g a i n , t h i s i n fo r m a t i o n i s b a s e do n s t r ic t q u a n t i t a ti v e s t u d i e s o f us e o f th e m e d i c a t i o n si n c l u d e d .W h a t h as m a d e a l l t h is p o s s i b l e i s t h e i n c r e a s e dp r o f e s s i o n a l i s m o f m e d i c a l p r a c ti c e , b a s e d i n l a r g e p a r t o n t h ec o l l e c t io n a n d s t u d y o f q u a n t it a t iv e d a t a a b o u t p r e v a l e n c e a n do u t c o m e s o f i l l n e s s e s a n d t r e a tm e n t s . T h r e e c r i t i c a ld e v e l o p m e n t s h e l p e d m o d e r n i z e w e s t e r n m e d i c i n e :

    M a n d a t o r y p r o f e s s i o n a l e d u c a t i o n a n d l i c c n su r e o fp r a c t i t i o n e r s S y s t e m a t i c c o l l e c ti o n a n d s t u d y o f p u b l i c h e a l th d a t a S y s t e m a t i c o b s e r v a t i o n a l s t u d i e s o f s a f e ty a n de f f e c t iv e n e s s o f t r e a t m e n t sW e p r o p o s e t h a t t h e s e s a m e d e v e l o p m e n t s w o u l d p u ti n f o r m a t io n r i s k m a n a g e m e n t o n a s o u n d f o o t in g . I n t h e n e x tt h r e e s e c t io n s , w e m a k e s p e c i f i c p r o p o s a l s w h i c h c o u l d d r i v et h e s e d e v e l o p m e n t s i n t o t h e p r a c t i c e o f i n f o r m a t i o n r i s km a n a g e m e n t .6 . H O W S H O U L D IN F O R M A T I O N R I S K

    B E M A N A G E D ?T o d a y , i n f o r m a t i o n r i s k m a n a g e m e n t p r o f e s s i o n a l s h a v et r a i n in g b u t o f t e n n o f o r m a l i n f o r m a t i o n r i s k m a n a g e m e n te d u c a ti o n . T h e y d o n ' t h o l d r e v o c a b l e li c e n s e s ( o r a n y l i c e n s e sa t a l l) . T h e y h a v e n o f o r m a l l y r e c o g n i z e d e t h ic a l o b l i g a t i o n t ou s e o n l y s a fe , e f f e c ti v e r is k m a n a g e m e n t t r e a t m e n t s f o r t h ep r o b l e m s t h e y e n c o u n te r . N o p r o f e s s i o n a l b o d y e x i s t s w h i c hc o u l d d i s c i p l i n e e t h i c a l l a p s e s i f t h e y o c c u r r e d . T h e r e is n oe t h i c a l o b l i g a t i o n i m p o s e d o n i n f o r m a t i o n r i s k m a n a g e m e n tp r o f e s s i o n a l s t o a v o i d t h e u s e o f i n e f f e c ti v e o r e v e n h a r m f u lt r e at m e n t s. T h e r e is n o o b l i g a t i o n o f c o n f i d e n t i a l i ty t o t h eo r g a n i z a t i o n s t h e y t re a t - o t h e r t h a n t h o s e n e g o t i a t e d o n ac a s e - b y - c a s e b a s i s i n e m p l o y m e n t a g r e e m e n t s o r c o n s u l t i n gc o n t ra c t s. 
T h e r e i s n o o b l i g a t i o n w h a t s o e v e r t o r e p o r ti n f o r m a t i o n w h i c h m i g h t h a v e " p u b l i c h e a lt h " o r " p u b l i cs a f e t y " i m p l i c a t i o n s t o a n e s t a b l i s h e d a u t h o r i t y ( a n d i n f a c ts o m e t i m e s th e a f o r e m e n t i o n e d e m p l o y m e n t a g r e e m e n t s a n dc o n s u l t i n g c o n t r a c t s e x p l i c i t l y f o r b i d s u c h d i s c l o s u r e s ).T h e a u t h o r s p o s i t t h a t i n t h e f u tu r e , i n f o r m a t i o n r is k s h o u l d b et r ea t e d b y p r o f e s s i o n a l s w i t h t h e c h a r a c t e r i s ti c s o f a p h y s i c i a n .A p h y s i c i a n h a s: A s p e c i a l i z e d p r o f e s s i o n a l e d u c a t i o n A r e v o c a b l e l i c e n s e t o p r a c t i c e A n e t h i c a l o b l i g a t i o n t o t r e a t p a t i e n t s a p p r o p r i a t e l y a n d

    k e e p t h e ir p r i v a t e i n f o r m a t i o n i n c o n f i d e n c e A p r o f e s s i o n a l o b l i g a t i o n t o c o n t r o l ( t h r o u g h t h e p o w e ro f p r e s c r i p t i o n ) t h e u s e o f p o t e n t i a l l y h a r m f u l t r e a t m e n t s A p r o f e s s i o n a l o b l i g a t i o n t o r e p o r t , i m p o r t a n t p u b l i ch e a l t h i n f o r m a t i o n t o t h e p r o p e r a u t h o r i t i e s .I n f o r m a t i o n r i s k p r o f e s s i o n a l s s h o u l d h a v e a l l t h e s e t h i n g st o o . P a r t i c u l a r l y im p o r t a n t i n o u r v ie w ar e t h e e t h i c a lo b l i g a t i o n t o a p p l y o n l y a p p r o p r i a t e t r e a t m e n t s a n d p r o t e c tc o n f i d e n t i a l i t y o f t h o s e t r e at e d , a n d t h e p r o f e s s i o n a lo b l i g a t i o n t o r e p o r t i n f o r m a t i o n t o " p u b l ic h e a l t h "a u t h o r i t i e s .T h e i n f o r m a t i o n r i s k m a n a g e m e n t p r o f e s s i o n a l ' s o b l i g a t i o n t ot r e a t a p p r o p r i a t e l y , a n d to c o n t r o l t h e u s e o f p o t e n t i a l l yh a r m f u l t r e a t m e n t s , w i l l r e q u i r e a s s e s s i n g t h e c o s t s a n db e n e f i t s o f a l l r i s k t r e a t m e n t o p t i o n s - l i a b i l i t y t r a n s f e r ,i n d e m n i f i c a ti o n , an d r e t e n t i o n as w e l l a s m i t i g a t io n , d e t e c t i o na n d r e s p o n s e a s w e l l a s p r e v e n ti o n , a n d p r o c e d u r a l a s w e l l a st e c h n i c a l t r e a tm e n t s . C h o i c e o f t r e a t m e n t o p t i o n s s h o u l d b eb a s e d o n t h e w e l f ar e o f t h e " p a t i e n t" - w h i c h w i l l b em a x i m i z e d b y o p t i m i z i n g c o s t o f r i s k t o t h e b u s i n e s s r a t h e rt h a n o n m i n i m i z i n g p r o b a b i l i t y o f o c c u r re n c e o f a d v e r s ee v e n ts . 
Needless to say, the information risk professional will be obligated to avoid the use of risk treatments whose
[...]ning in management of information security
[...] present a broad and integrated view treatments
[...]ng, for example, risk transfer and indemnification),
[...]her than the one-dimensional, vulnerability-mitigation
[...] on today. At the simplest level, this means that
[...] risk education should include financial
[...]egal disciplines in addition to the technical disciplines
[...]today. Some risk-management experts have begun to
[...]how risk management activities can be integrated
[...] the entire spectrum of business risks [Shim];
[...]this kind of

6.1 Reporting

Today, almost all information security risk assessments use qualitative rather than quantitative methods. Some risk
[...] methodologies and standards already incorporate
[...]ntary loss-expectation estimation methods, but these are usually limited to a "low/medium/high" categorization
[...]arbitrary dollar ranges assigned to the categories. Some
[...]es already quantify intellectual property risk in financial terms and take steps to manage risk using financial
[...]

[...]t findings are essentially never shared with
[...] the business being assessed, and possibly its
[...]

[...]future, the authors believe that information security risk
[...] focus not just on identifying risks, but
[...] on quantifying them. Specifically, information security
[...] should be characterized in financial terms, as annualized
[...]

[...] risks are identified and quantified, the resulting data
[...] reported (by the information risk management
[...] a way that respects their ethical obligation to
[...] the privacy of those they treat) to the information risk
[...] a public health service. The next section
[...] more length.

7. HOW SHOULD INFORMATION RISK BE STUDIED?

[...] on risk prevalence and severity is collected
[...] the US FBI, CERT, and other organizations. However,
[...]o these organizations is voluntary, and only a small
[...] of businesses even receive the questionnaires which
[...] bodies use to collect their summary information.
[...] no standard taxonomies of vulnerabilities, incidents, losses, or countermeasures are used in the collection
[...]

[...]the future, collection of data on information risk needs to be more regular, formal, and comprehensive. Information
[...] should be studied by an independent body with the characteristics of a public health service. This "Public [...] should collect from information risk management professionals, in a way which protects the privacy of the organizations those professionals treat, data on the
[...] the causes of losses, the effects of losses,
[...]the effectiveness of information risk treatments. The
[...] should analyze this data and publish
[...]results of its analyses as a way to improve the state of information risk management practice, and to inform public policy decisions about information risk management.

Obviously, the advanced research which drives development of new treatments and deeper understanding of the causes of risks will continue to be carried out in academic and business communities, just as advanced medical research into new drugs and the causes of disease is carried out by academic medical schools and pharmaceutical research l[...] today.

8. HOW SHOULD INFORMATION SECURITY TECHNOLOGY BE EVALUATED?

Today, information security technologies are subjected to design and implementation analyses defined by a number of assurance regimes (most notably the Common Criteria [CC]). Businesses can also submit voluntarily to "seal" programs whose certifications are based on deployment of popular technologies, and on contract, process and system configuration audits. Businesses can contract for penetration testing, but the authors are not aware of any certification regime which requires penetration testing, or any other explicit measure of the effectiveness of security protection measures, as a condition of granting certification.

No systematic effectiveness testing of information security measures is done by any independent body, and the results of effectiveness testing done by vendors and their contractors are almost never published. Information risk management professionals have no training in the design of experiments to test effectiveness of the measures they design, and no training in publishing or reviewing the results of such experiments.

A workshop participant pointed out that the information security industry has no equivalent of the white laboratory mouse which can be used to test the effectiveness of security mechanisms without having to subject business' production systems to unethical levels of risk. This is an important, and true, observation. The authors observe also, however, that medicine has not always had white laboratory mice as models either, and we u[...] research into the development of an appropriate "security mouse analog" for use as an effectiveness testbed for security measures.

In the future, the authors believe that the effectiveness of information security technology would be most effectively evaluated by an impartial body following a process similar to the one used by the US Food and Drug Administration (FDA) to approve medical treatments for use. The FDA's process is based on systematic, quantitative observational studies of actual outcomes, and includes an ongoing monitoring phase which updates safety and effectiveness information after treatments have been approved and are in use by the medical community.

Security technology development and selection should be based on quantitative observational studies of effectiveness, not on synthetic a priori assurance of vulnerability avoidance. Probabilities of exploitation must be balanced with consequences. ALEs (that is, observed outcomes) must rule, not the emotion of a good story and the fear, uncertainty and doubt that continues to be the selling proposition for m[...] security technology.
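The selection rule the paper asks for in Section 6 (choose treatments by optimizing the cost of risk to the business rather than by minimizing the probability of adverse events) and the demand in this section that ALEs derived from observed outcomes, not a priori assurance, drive technology selection can be written down as a short calculation. The following Python program is an added illustration and is not part of the paper: the five-year incident history, the treatment options and the "observed" effectiveness figures attached to them are all constructed, hypothetical numbers, and every function and record name is the example's own.

```python
"""Worked ALE-based treatment comparison (added illustration, not from the paper)."""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean


@dataclass(frozen=True)
class Incident:
    """One observed adverse event: the kind of risk it realized and the loss actually incurred."""
    year: int
    risk: str
    loss_usd: float


@dataclass(frozen=True)
class Treatment:
    """A risk treatment option with its annual cost and its *observed* effect.

    frequency_reduction: fraction of events the treatment prevented in the study (0..1).
    severity_reduction: fraction of per-event loss avoided, or transferred to a third
    party by indemnification, in the study (0..1). Both figures are hypothetical.
    """
    name: str
    risk: str
    annual_cost_usd: float
    frequency_reduction: float
    severity_reduction: float


# Constructed five-year incident history for a hypothetical business (not real data).
YEARS_OBSERVED = 5
INCIDENTS = [
    Incident(1997, "malware outbreak", 15000.0), Incident(1997, "malware outbreak", 25000.0),
    Incident(1998, "malware outbreak", 20000.0), Incident(1998, "malware outbreak", 18000.0),
    Incident(1999, "malware outbreak", 22000.0), Incident(1999, "malware outbreak", 30000.0),
    Incident(2000, "malware outbreak", 10000.0), Incident(2000, "malware outbreak", 20000.0),
    Incident(2001, "malware outbreak", 19000.0), Incident(2001, "malware outbreak", 21000.0),
    Incident(1997, "laptop theft", 6000.0), Incident(1998, "laptop theft", 9000.0),
    Incident(1999, "laptop theft", 8000.0), Incident(2000, "laptop theft", 7000.0),
    Incident(2001, "laptop theft", 10000.0),
]

# Constructed treatment options; the effect figures are hypothetical study results.
TREATMENTS = [
    Treatment("endpoint antivirus and patching", "malware outbreak", 15000.0, 0.60, 0.20),
    Treatment("network segmentation rebuild", "malware outbreak", 45000.0, 0.95, 0.50),
    Treatment("full-disk encryption", "laptop theft", 3000.0, 0.00, 0.90),
    Treatment("theft insurance (liability transfer)", "laptop theft", 2500.0, 0.00, 0.70),
]


def annualized_loss_expectancy(incidents, years_observed):
    """Derive ARO, SLE and ALE per kind of risk from observed outcomes."""
    losses_by_risk = defaultdict(list)
    for inc in incidents:
        losses_by_risk[inc.risk].append(inc.loss_usd)
    table = {}
    for risk, losses in losses_by_risk.items():
        aro = len(losses) / years_observed  # annualized rate of occurrence
        sle = mean(losses)                  # single loss expectancy: mean observed loss
        table[risk] = {"aro": aro, "sle": sle, "ale": aro * sle}
    return table


def residual_ale(row, treatment):
    """ALE that remains once the treatment's observed effect is applied."""
    aro = row["aro"] * (1.0 - treatment.frequency_reduction)
    sle = row["sle"] * (1.0 - treatment.severity_reduction)
    return aro * sle


def total_cost_of_risk(row, treatment):
    """What the business pays per year: residual losses plus the treatment itself."""
    return residual_ale(row, treatment) + treatment.annual_cost_usd


def choose_treatments(ale_table, treatments):
    """Per risk, pick the option (retention included) that minimizes total cost of risk."""
    choice = {}
    for risk, row in ale_table.items():
        retain = Treatment("retain (no treatment)", risk, 0.0, 0.0, 0.0)
        options = [retain] + [t for t in treatments if t.risk == risk]
        best = min(options, key=lambda t: total_cost_of_risk(row, t))
        choice[risk] = (best.name, round(total_cost_of_risk(row, best), 2))
    return choice


def lowest_probability_option(risk, treatments):
    """The option a probability-minimizing approach would pick, for comparison."""
    candidates = [t for t in treatments if t.risk == risk]
    return max(candidates, key=lambda t: t.frequency_reduction).name


if __name__ == "__main__":
    table = annualized_loss_expectancy(INCIDENTS, YEARS_OBSERVED)
    for risk, row in table.items():
        print(f"{risk}: ARO={row['aro']:.2f}/yr SLE=${row['sle']:,.0f} ALE=${row['ale']:,.0f}")
    for risk, (name, cost) in choose_treatments(table, TREATMENTS).items():
        print(f"{risk}: choose '{name}' (total cost of risk ${cost:,.0f}/yr)")
```

Running the module prints the ALE table and the chosen option per risk. With the constructed malware figures, the segmentation rebuild prevents the most events, so a probability-minimizing view would pick it, but its annual cost exceeds the loss it avoids and the cheaper endpoint measure wins on total cost of risk; for laptop theft, encryption changes nothing about frequency and nearly everything about severity. Indemnification enters the same calculation as a severity reduction, which is how liability transfer can be weighed beside technical controls, as the paper asks.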


While assessment of technical vulnerabilities and the likelihood of their exploitation should and will remain a part of information technology risk management, assessment must include the overall risk control process, including personnel, physical, and technical measures. It must be sensitive to the rate of change in each of these parameters.

A determined effort should be made to evaluate all kinds of protection, detection, and response measures (both technical and non-technical) to quantify how each measure affects the annualized loss expectation arising from many specific kinds of risks.

The impartial body which carries out evaluations could be a government agency (such as the US NCSC) or government-sponsored security laboratory (such as the CERT Coordination Center), a commercial organization through a seal program, an industry consortium such as IT-ISAC, an insurers' consortium similar to Underwriters' Laboratories, a consumer organization similar to Consumers' Union, or a combination of some or all of the above.

Information risk management professionals should, as stated in the previous section, be professionally obligated to avoid the use of demonstrably ineffective treatments.

8.1 Tracking and Reporting

Today, no equivalent of The Lancet or Journal of the American Medical Association exists to enable publication and review of information about the effectiveness of information risk treatments, and information risk management professionals do not have training in technical writing or review of other practitioners' results. We note in passing that journals of this sort are useful to, and used by, working practitioners (not just academics) in some disciplines; for example, police laboratory personnel regularly publish in and read the Journal of Forensic Science.

The effectiveness of information risk treatments will change over time as the technical environment and the risk environment "in the wild" evolve. Information risk management professionals should be required to report regularly to the evaluation body on the effectiveness of the treatments they "prescribe" to their "patients". The evaluation body should continually update its assessments of treatment effectiveness based on the information it receives, and should distribute these updates to the community of information risk management professionals.

9. A WORD ABOUT THE ETHICS OF RISK QUANTIFICATION

A review of an earlier draft of this paper questioned whether quantification of certain types of risks (particularly risks to human life and safety) in financial terms is ethically acceptable.

The first point to be made in this context is that systems which pose known or suspected risks to human life or safety should be treated using techniques for managing risk in safety-critical systems, even if they also require information security risk treatment (see for example [Leve] or [Stor] for full treatments of risk in safety-critical systems). The authors do not claim that information security risk management techniques do, or should, protect against safety risks.

The second point to be made is that society must take risks it considers unacceptable out of the realm of economic justification by imposing mandatory control regimes. Serious safety risks should be controlled using a regime which is not voluntary and is not based on a cost/benefit analysis. If a society concludes that a certain safety risk is sufficiently serious that controlling it is mandatory, that society should use legal and regulatory mechanisms to mandate control of that risk.

At least in capitalist societies, any risk for which there is no legally required control regime will be controlled only to the extent that the cost of control can be economically justified. The economics of controlling risks can be distorted by competition. Risk-tolerant firms may gain temporary competitive advantage against risk-averse firms by spending less on control (especially for risks with low probability of occurrence) as long as they are lucky and the risks do not cause them losses. The authors maintain that cost-justifying risk controls can only be effective if the risks can be quantified.

The third point which needs to be made is that accurate quantification of the costs of risks to human life and safety might in fact provide powerful incentives for control. Putting a price tag on a human life is certainly fraught with ethical dangers. On the other hand, if NASA had had a realistic estimate of the probability that the Space Shuttle Challenger would be destroyed, and had also had an accurate estimate of the financial and reputation costs of this event, there seems little doubt that the Challenger launch would have been delayed and the ship saved.

One argument against this point of view might be that the real cost of the loss of a life to the organization which causes the loss is not very great in some cases. Estimates of the total cost of the Union Carbide Bhopal plant to the Union Carbide corporation vary, but the direct cost of the legal settlement ($US 470 million) represents only about $US 12,400 for each of the roughly 3800 people killed by the accident, and this does not include consideration of the more than 2700 people permanently disabled. Twelve thousand dollars for a human life is an uncomfortably low figure. Does this mean that quantifying this risk is ethically irresponsible? The authors think not - the fact that a life costs a major corporation only $12,000 looks to us like a call for reform of the liability system.

In summary, while the authors do not believe that every risk should be controlled using a monetary cost/benefit framework, we do believe that all risks should be quantified to the greatest extent possible, regardless of the anticipated control regime. We also believe that information security risks will be poorly understood until we do a much better job of quantification of economic losses. Finally, we believe that information security countermeasures will continue to be difficult to justify in voluntary control regimes until their effectiveness can be expressed as a quantifiable reduction of economic losses.

10. ACKNOWLEDGEMENTS

The authors are grateful to the anonymous reviewers, and specifically to the reviewer who called the issue of the ethics of quantification of losses to our attention.

The first author would like to acknowledge the support of the Open Group in providing an ongoing forum for his investigations into the topic of security and Risk Management.


11. REFERENCES

[...] Standards Australia, "AS/NZS 4360:1999 Risk Management", 1999.
[...] Computer Security Institute and US FBI, "Computer Security Issues & Trends", CSI, 2000.
[...] Arbaugh, W., Fithen, W., and McHugh, J., "Windows of Vulnerability: a Case Study Analysis", IEEE Computer, IEEE, December, 2000.
[...el] Bank for International Settlements, "The New Basel Capital Accord", Basel: Bank for International Settlements, 2001.
[...] Comments on New Basel Capital Accord, http://www.bis.org/bcbs/cacomments.htm
[...] CERT, CERT Annual Reports, http://www.cert.org/annual_rpts/index.html
[...] National Underwriter Company, 2000.
[...] Lang, S., Davis, J., Jaye, D., Erwin, D., Mullamey, J., Clarke, L., and Loesch, M., "e-risk: Liabilities in a Wired World", Cincinnati, OH: National Underwriter Company, 2000.
[...] US Department of Commerce/National Bureau of Standards, "Guidelines For Automatic Data Processing Physical Security and Risk Management", 1974.
[...191] US Department of Commerce/National Institute of Standards and Technology, "Guideline for the Analysis of Local Area Network Security", 1994.
[...] General Accounting Office, "Information Security Risk Assessment: Practices of Leading Organizations", 1999.
[...] Harrington, S., and Niehaus, G., "Risk Management and Insurance", Boston, Irwin/McGraw Hill, 1999.
[HPDG] Shannon, M., Wilson, B., and Stang, C. (eds.), "Health Professional's Drug Guide", Upper Saddle River, NJ, Prentice Hall, 2002.
[Koll] Koller, G., "Risk Assessment and Decision Making in Business and Industry", Boca Raton, Fla.: CRC Press, 1999.
[KBPS] Kolluru, R., Bartell, S., Pitblado, R., Stricoff, S., "Risk Assessment and Management Handbook for Environmental, Health, and Safety Professionals", Boston: McGraw-Hill, 1996.
[Leve] Leveson, N., "Safeware: System Safety and Computers", Reading, Mass.: Addison-Wesley, 1995.
[Mer1] Merck & Co., "Merck's 1899 Manual", New York: Merck & Co., 1899.
[Mer17] Beers, M., and Berkow, R. (eds.), "The Merck Manual of Diagnosis and Therapy", 17th ed., Whitehouse Station, NJ, Merck Research Laboratories, 1999.
[NISTRMG] US National Institute of Standards and Technology, "Special Publication 800-30: Risk Management Guide" (Draft), 2001.
[OFA] Thomas, R. (ed.), "Old Farmer's Almanac", William Ware & Co., Boston, 1900.
[Pelt] Peltier, T., "Information Security Risk Analysis", Boca Raton, Fla: Auerbach Publications, 2001.
[Por] Porter, R., "The Greatest Benefit to Mankind", New York, W. W. Norton & Company, 1997.
[Shim] Shimpi, P., "Integrating Corporate Risk Management", New York, Texere, 1999.
[Stor] Storey, N., "Safety-Critical Computer Systems", Reading, Mass.: Addison-Wesley, 1996.
