Tag Archives: inductive logic
Why the “Risk = Threat x Vulnerability x Impact” Formula is Mathematical Nonsense — Part 2
August 31, 2010 – 6:00 am
In my last post, I argued that security risk managers should stop using the “Risk = Threat x Vulnerability x Impact” formula (hereafter, the “R=TVC formula”), for two reasons. First, the variables “Threat” and “Vulnerability” are typically undefined; indeed,…
Decision Theory is the Foundation for Information Security Risk Management
August 18, 2010 – 6:00 am
Disclaimer: I originally wrote the following text as a post to a mailing list in 2005, but it still seems applicable today. The more I read the writings of various information security professionals about information security risk analysis (ISRA), the more I’m struck by the following…