Use of Decision Support Techniques for Information System Risk Management

Abstract: Identifying and understanding security risks for information system design or evaluation is very challenging. Making decisions about accepting or mitigating these risks through a rational, traceable, and understandable process is even harder. Quantitative risk analysis techniques can help stakeholders understand and communicate risk‐informed design decisions even when the stakeholders have conflicting objectives. Quantitative risk analysis also helps stakeholders understand security, cost, and functionality tr… Show more