Information Security Control Decision Theory: Management Reasoning in Threes

Information Security Control Decision Theory: Management Reasoning in Threes,Richard Baskerville

Information Security Control Decision Theory: Management Reasoning in Threes  
BibTex | RIS | RefWorks Download
The purpose of this paper is to elaborate a fundamental theory of information security management that establishes three interrelated forms of security reasoning to explain research and practice in information security. Reasoning about information security arises as exposure control reasoning, ethical control reasoning, and developmental control reasoning. Exposure control reasoning fastens on the edges that exist because information assets are often naturally exposed to threats. Exposure reasoning seeks to substitute asset-control edges and control-risk edges for asset-risk edges. Ethical control reasoning arises in the need to make rational decisions about controls adoption. .As with other ethical reasoning settings, there are varying forms of such reasoning, the basic forms include utilitarian and deontological reasoning about controls decisions. Utilitarian control reasoning depends on a greatest-good kind of rationale in grounding a decision about controls adoption. Deontological control reasoning depends on a rationale regarding duty to a moral law. In this kind of reasoning, controls are adopted because rules of conduct dictate certain degrees of protection for information and information systems. Developmental control reasoning centers the development of security in relation to the development of the information system being secured. Each of these forms of reasoning is inhabited by concerns about system complexity, which can rise as a result of security control decisions.
Published in 2009.
Cumulative Annual
View Publication
The following links allow you to view full publications. These links are maintained by other sources not affiliated with Microsoft Academic Search.