How much matter probabilities in information security quantitative risk assessment? Ghent University
The starting point of this research essay is a critical review of two methods to conduct a quantitative analysis of information systems security risks: 1) Management of Risk: Guidance for Practitioners and 2) a cost model based on annual loss expectancy. We are focusing on these methods with a perspective that highlights the limits of both empiricism and the theoretical elements that underlie them. From an epistemological point of view we have ...