SEARCH RESULTS
 
Showing 1-10 of 24 records
 
Communicating about risk - part 2

2008-05-20 16:22:24 by JonesJ in RiskAnalys.is
...risk. On one axis we have Impact, and on the other we have Likelihood. We'll save a discussion regarding Impact for another post, but in this post I'd like to point out a couple of subtle but important limitations with the term "likelihood". Likelihood connotes the probability of an event occurring. In fact, you may see explicit probability...
 
 
 
 
 
Rational Risk Management, Angry Italians, and Irrational Security Analysts

2008-11-17 16:43:15 by Alex in RiskAnalys.is
 
...risk assessment. And he didn't want to wait for it. To quote Chris Hayes, spending time on working out the expected effectiveness of controls, over a given timeframe, as measured against a baseline level of force was not going to pacify an angry Italian fearful that my decision was going to cost him money. He wanted my explanation of the risk...
 
 
 
 
 
Moving Towards A Mature Security Organization Using A Measured Approach to Risk Management

2008-12-22 18:09:29 by Alex in RiskAnalys.is
 
...risk managers suggested that these PCI Budgets weren't going to suffer in 2009. I proceeded to write a several-paragraph post about the role of PCI compliance in Information Risk Management, and how, if you had a significant portion of your budget allocated to buying more PCI, you were doing it wrong. My premise was that you should be...
 
 
 
 
 
Is Risk Management a People Problem?

2008-03-10 15:45:47 by Alex in RiskAnalys.is
 
...risk and how organizations can become more effective. We've been thinking very hard about metrics and measurement and governance and compliance and assurance and so on and so forth. And one thing hit me funny today within that context: it's the mention of the axiom "Security is a People Problem". In his article, What can CISOs learn from the...
 
 
 
 
 
Appropriate funding

2008-05-13 12:24:49 by JonesJ in RiskAnalys.is
 
...risk, but I'll return to part two of that series next week. One of the arguments I've heard folks use to dismiss the notion of a risk-based approach to security is that it's been tried and failed. The argument goes on to claim that it isn't possible to get appropriate funding for security because management just doesn't get it. And, while I agree...
 
 
 
 
 
Thoughts on ISO 27005

2009-01-06 17:10:59 by Alex in RiskAnalys.is
 
...Risk Management link. Thank you. The beginning of a reasoned response was written by Aleks on Andrew Gelman's blog ( http://www.stat.columbia.edu/~cook/movabletype/archives/2009/01/dont-blame-it-o.html ). Long-time readers of this blog will recall that I believe that Risk Estimation != Risk Management. We security professionals have a really good...
 
 
 
 
 
Who should do your security audits? Or, how do you organize the security department?

2008-02-07 22:25:32 by Steve Riley in Steve Riley on Security
 
...risk management. The standards folk know all about the bad guys and their techniques, and build up knowledge about which threats create risk for the organization. The alignment folk understand, through their constant interaction with people in the business units, all about business risk and get a feel for the business's risk tolerance -- that...
 
 
 
 
 
Risk Preferences in Chimpanzees and Bonobos

2008-04-17 06:20:51 by schneier in Schneier on Security
 
...risk. People tend to be risk averse when it comes to gains, and risk seeking when it comes to losses: Evolutionarily, presumably it is a better survival strategy to -- all other things being equal, of course -- accept small gains rather than risking them for larger ones, and risk larger losses rather than accepting smaller losses. Lions chase...
 
 
 
 
 
Should We Treat Contractors The Same as Employees?

2008-03-26 13:47:43 by Alex in RiskAnalys.is
 
...risk-thinking individual and this, like every security issue we face, is really a question of risk. A QUESTION OF RISK: We can look at any population of users for common characteristics and group them together in what we call a Community. So let's group those who are employees into a category we'll call W-2s and those who are contractors into a...
 
 
 
 
 
On Security & Risk Management Innovation

2008-11-12 14:23:30 by Alex in RiskAnalys.is