The JP Allen Blog » Security http://www.jpedia.org/wp JP's work on the new internet, business, and society. Thu, 10 Jun 2010 10:36:04 +0000 http://wordpress.org/?v=2.9.2 en hourly 1 Risk assessment in information security: Makes users happy, but not done often enough http://www.jpedia.org/wp/archives/69 http://www.jpedia.org/wp/archives/69#comments Thu, 30 Oct 2008 23:35:08 +0000 jpallen http://jpedia.org/wp/?p=69 The October issue of the Journal of Organizational Computing and Electronic Commerce has published our research on “The State of Risk Assessment Practices in Information Security“. It’s not easy to get data on information security practices (it’s secret, after all), but our survey was able to find associations between doing the things that security experts say we should be doing–more frequent risk assessment, use of quantitative loss estimates, more complete asset inventories–and higher levels of user satisfaction and perceived usefulness. Check it out.

This work was done with research wonder Jackie Rees at Purdue University.

]]> http://www.jpedia.org/wp/archives/69/feed 0