Tag Archives: risk-based information security program

Risk Assessment Gone Awry: The Costly, and Unpleasant, Consequences of Good Intentions

– We are all well aware that information security controls should be “risk-based.”  Innumerable email messages received from vendors stress this apparent truth, and conference speakers are forever reminding us that risk assessment must serve as the foundation of an effective—and…