Abstract
In this paper, we present and discuss a framework for security risk management, focusing on the selection of a management strategy for decision-making on security measures in particular. The framework provides guidance on the selection of a suitable type of management strategy for various types of decision-making contexts. An Information and Communication Technology case study is used to illustrate the practical implications of the framework.
Original language | English |
---|---|
Pages (from-to) | 404-417 |
Journal | Journal of Risk Research |
Volume | 20 |
Issue number | 3 |
DOIs | |
Publication status | Published - 4 Mar 2017 |
MoE publication type | A1 Journal article-refereed |
Keywords
- ambiguity
- security
- uncertainty
- vulnerability