Abstract
The objectives are: (1) to determine the risk assessment of information security threats, based upon the perceived impact and the perceived probability of occurrence of these threats; (2) to determine the extent of risk mitigation, based upon the perceived level of preparedness for each of these information security threats; and (3) to determine the extent to which the of occurrence and the impact of information security threats relate to the level of preparedness.
Acknowledgments
This is to provide credit to the team of students in my CMIS class, Spring, 2007, who assisted with the data collection effort. These students include: Chris Lowe, Chris Klucker, Chris McCloud, Kenton Frere, Rich Guyton, Brian Keyes, Danny Dike, Justin Greek, Caleb Lutz, Casey Kicielinski, and Scott Munn.
Notes
Ernst and Young LLP Global Information Security Survey, 2001, 2002, 2003.