The management of risk associated with the unwanted release of sensitive information

摘要

This paper describes research inprogress to develop a risk management methodology that can be applied to decisions regarding the declassification of government documents. The goal of this research is to understand and model current processes that document reviewers use to make declassification decisions for a given document or set of documents then to develop a formal methodology and risk analysis tool for determining and managing the risk associated with the release of documents containing sensitive information. This approach treats risk as the "asset value" of the information contained within a given document, moderated by the document's "vulnerability" to exploitation following individual review activities. The broad scope and generality of the methodology sets it apart as a useful tool for managing the release of sensitive information in commercial as well as government organizations.