Just like Schrödinger and his quantum feline, most companies are just making assumptions about the state of their cybersecurity risks.
It looks entirely possible you will have ‘adequate’ security dictated by your insurers, so it is your job to understand the risk-based yardstick they’re using to define that.
How do you avoid the situation that Sony currently finds itself in? How do you accurately assess potential loss and the likelihood of that loss occurring to make good security decisions?
About half of internal audit’s key stakeholders do not believe that internal audit is either delivering the value it should or addressing the risks that matter.
Ramblings on risk starting with John Pescatore and ending with comments from FAIR risk framework creator Jack Jones. This is a direct transcription of a discussion about risk management on LinkedIn started […]
There is no such thing as Information Security risk. There are just business risks that have one or more security- or IT-related causes.