Disclaimer: The opinions of the columnists are their own and not necessarily those of their employer.

Tag Archives: decision theory

Why the “Risk = Threats x Vulnerabilities x Impact” Formula is Mathematical Nonsense

Every now and then I will find a security practitioner presenting the following formula when discussing information security risk analysis (ISRA): Risks = Threats x Vulnerabilities x Impact. In some versions of this formula, the word “Consequence” is sometimes substituted for…

Decision Theory is the Foundation for Information Security Risk Management

Disclaimer: I originally wrote the following text as a post to a mailing list in 2005, but it still seems applicable today. The more I read the writings of various information security professionals about information security risk analysis (ISRA), the more I’m struck by the following…