Tag Archives: risk
Why the “Risk = Threat x Vulnerability x Impact” Formula is Mathematical Nonsense — Part 2
August 31, 2010 – 6:00 am
–
In my last post, I argued that security risk managers should stop using the “Risk = Threat x Vulnerability x Impact” formula (hereafter, the “R=TVC formula”), for two reasons. First, the variables “Threat” and “Vulnerability” are typically undefined;…
Reply to Jack Jones on the Meaning of “Risk”
July 29, 2010 – 6:00 am
–
In a recent post to his blog, Jack Jones asks, “What’s ‘a risk’ anyway?” This is a great question, especially since a lot of people working in information security seem to use the word in a variety of ways, ways that often violate common usage among risk…
Black Swans … or Oil Victims?
June 29, 2010 – 9:15 am
–
There is an article in The New York Times Magazine of June 6, 2010 by David Leonhardt with the title “Underestimating Risk: What the oil spill and the financial crisis have in common.” It is in a section called “The Way We Live Now,” and next to the section heading there is a drawing of…
Security Risk Metrics and Decision Making Revisited
October 5, 2009 – 6:00 am
–
There is an interesting quote by Nobel laureate Joseph E. Stiglitz in the September 23, 2009 issue of the New York Times. In an article on the first page of the Business Day section by Peter S. Goodman, with the title “Emphasis On Growth Is Called Misguided,” Stiglitz is quoted as saying the…
Classy Data (pt. 3) – Ownership and Risk
September 28, 2009 – 6:00 am
–
Security professionals proudly describe how they assign owners to their organizations’ data and those owners “assume the risk of any compromise of the data.” Give me a break! The owner is invariably some business-unit manager who just wants to get the job done. The manager will agree to…