Risk management and the value of information in a defense computer system

As our reliance upon information systems for a multitude of vital operations increases, so do the concomitant vulnerabilities and risks associated with their operation and implementation. This problem, further complicated by the rapid growth and complexity in information technologies, requires efficient risk management within technical and/or fiscal constraints. This article presents potential improvements upon current risk management processes by incorporating value focused thinking into the process. In this approach, based on a test case with a DoD local area network, the value of the information served as a focal point for prioritizing vulnerabilities requiring remedy, thereby facilitating the efficient reduction of risk inherent in today's information systems.