Journal Article, DOI: 10.1016/0167-4048(94)90036-1
Refereed paper: TOPM: a formal approach to the optimization of information technology risk management
K. P. Badenhorst, Jan H. P. Eloff
TL;DR: The TOPM (Target Optimum Portfolio Management) approach to IT (information technology) risk management, as proposed in this paper, is a formal approach based on the concept of a dynamic life cycle, with one of its major objectives being the targeting and optimization of the risk management process itself.
About: This article is published in Computers & Security. The article was published on 01 Jul 1994. The article focuses on the topics: IT risk management & Risk management.
Citations
Selecting risk response strategies considering project risk interdependence
TL;DR: Based on an analysis of risk interdependence, Wang et al. constructed an optimization model for selecting risk response strategies that considers the expected risk loss, risk interdependence and its two directions.
130
Network externalities, layered protection and IT security risk management
Wei Thoo Yue, Metin Çakanyildirim, Young U. Ryu, Dengpan Liu
- 01 Nov 2007
TL;DR: The results show that the consideration of network externalities and layered protection changes the risk mitigation decisions significantly and the optimal allocation of security resources in protecting every system in an organization is found.
64
Electronic commerce: the information‐security challenge
Les Labuschagne, Jan H. P. Eloff
TL;DR: The Internet holds many opportunities that could mean survival or competitive advantage for many organisations, but to exploit these opportunities, it is important to first analyse the risks they hold.
44
Proceedings Article
The state of risk assessment practices in information security: an exploratory investigation
Jackie Rees, Jonathan P. Allen
- 23 Mar 2004
TL;DR: Results from an exploratory survey of U.S. headquartered firms indicate that increased frequency of conducting risk assessments, the use of quantitative measures of likelihood of loss, and more complete asset inventories correspond with higher levels of user satisfaction and perceived usefulness.
A common criteria framework for the evaluation of information technology systems security
R. Kruger, Jan H. P. Eloff
- 01 Jan 1997
TL;DR: This paper expands on a process of evaluation by which to determine the functional security requirements of an Information Technology (IT) system on the basis of two sources, namely a framework that defines information security as a whole and the Common Criteria.
20
References
Book
Financial Theory and Corporate Policy
Thomas E. Copeland, J. Fred Weston, Kuldeep Shastri
- 01 Jan 1979
TL;DR: In this article, the authors present an overview of financial theory and its application in corporate finance, including the role of the CFO and performance measurement, and the relationship between the CFO's role and performance measurement.
2.1K
A comparative framework for risk analysis methods
TL;DR: A framework for risk management terminology is suggested and the application of the framework will be demonstrated through a high level discussion of the CRAMM, LAVA and MELISA risk analysis methods.
92
Book
Digital computer fundamentals
Thomas C. Bartee
- 01 Jan 1971
TL;DR: The purpose of this book is to present, as clearly as possible, the principles of modern digital computers.
86
Computer security methodology: Risk analysis and project definition
K. P. Badenhorst, Jan H. P. Eloff
TL;DR: The issue of risk analysis is addressed in view of an overall information security plan to address the selection of computer security countermeasures.
24
A context for information systems security planning
TL;DR: Examines why information security efforts are often ineffective and why more formal planning efforts can alleviate this condition, and dwells on the establishment of a context for effective information security planning.
11