From: Factors influencing network risk judgments: a conceptual inquiry and exploratory analysis
 | Factor # | SD | Mean | Factor |
---|---|---|---|---|
High SDs (Low Agreement) | 8 | 34.0 | 48.3 | Whether the facility uses SCADA systems |
 | 5 | 32.4 | 53.3 | Whether the network is for the military, government, or civilian sector |
 | 39 | 32.2 | 39.6 | The different methods of paying the contractor (e.g., fixed price versus cost plus) to your perception of risk? |
 | 21 | 31.6 | 59.6 | The information types that make up the network contents of your organization |
 | 34 | 31.5 | 45.5 | The ease (e.g., low versus high ease) of finding U.S.-born personnel instead of foreign-national personnel to fill network security positions within the organization |
Low SDs (High Agreement) | 45 | 13.7 | 80.5 | The organization’s response to threats (proactively planning for an attack versus reactively responding to an attack) |
 | 51 | 14.3 | 81.1 | The maturity of system capabilities for network defense |
 | 18 | 17.4 | 83.5 | The adversary’s (level of) knowledge (e.g., high versus low) about the organization’s deployed network and security technology |
 | 11 | 19.3 | 78.8 | Whether the organization has a disaster recovery plan |
 | 12 | 19.3 | 70.7 | The past performance of the organization’s hired contractor |