Tag Archives: inductive logic

Why the “Risk = Threat x Vulnerability x Impact” Formula is Mathematical Nonsense — Part 2

August 31, 2010 – 6:00 am – In my last post, I argued that security risk managers should stop using the “Risk = Threat x Vulnerability x Impact” formula (hereafter, the “R=TVC formula”), for two reasons. First, the variables “Threat” and “Vulnerability” are typically undefined; indeed,…
By | Posted in Risk Analysis | Also tagged , , , , , , , , , , | Comments (1)

Decision Theory is the Foundation for Information Security Risk Management

August 18, 2010 – 6:00 am – Disclaimer: I originally wrote the following text as a post to a mailing list in 2005, but it still seems applicable today. The more I read the writings of various information security professionals about information security risk analysis (ISRA), the more I’m struck by the following…
By | Posted in Risk Analysis | Also tagged , , , | Comments (2)