I am writing a series of posts describing Information Security Risk, from concepts to analysis and management. This is the first, what is Information Security Risk itself. Defining risk is a source of much debate from semantic to philosophical. What is clear is that risk refers to our uncertainty about…
Tag: security risk
Information Security Risk Universe
In my previous post, I introduced the concept of a ‘Risk Universe’ which I flesh out in more detail here. A Risk Universe provides a comprehensive view of the possible risks we face to aid in categorisation but also to act as a check on the scope of our risk…
Unmitigated Surprise and Why Robust Risk Identification Matters
I have been rediscovering my security risk management roots recently and developing the components of a quantitative approach to security risk management. I am picking up the risk books I put down in 2008 when Cyber became the new brand for information security. At that time I became much more…