Qualitative methods are available for risk management, but better practice would use quantitative risk management based on expected losses and related metrics. Measuring the success of information security investments is best accomplished by measuring reductions in expected loss.
Targeted malicious emails (TME) for computer network exploitation have become more insidious and more widely documented in recent years. Beyond spam or phishing designed to trick users into revealing personal information, TME can exploit computer networks and gather sensitive information. They can consist of coordinated and persistent campaigns that can…
Maximum likelihood confirmatory factor analysis was applied to the Wechsler Intelligence Scale for Children-Third Edition (WISC-III; Wechsler, 1991) data of a mixed clinical sample of 318 children. Analyses were designed to determine which of nine hypothesized oblique factor solutions could best explain intelligence as measured by the WISC-III in the…
How do IT security managers make decisions in the absence of empirical data, and how do they know these decisions are successful? Some security managers seem more successful at making decisions than others. Are they guessing, or are they using some tacit knowledge? To address these questions, a study employed open-ended interviews with highly regarded,…