I often hear calls for security to be treated as a business issue. This seems to vary from calls for the Board of Directors to take an increased interest in security to calls for CISOs to raise their gaze from the technology and consider the whole business. I have myself…
Category: Risk
What is Likelihood?
In my previous post, I investigated the various definitions of Information Security Risk. Here I look at the first consideration for an information security risk analyst, how likely is the risk event to occur? What is it’s likelihood? Likelihood is commonly used in English as a synonym for probability, and…
What is Information Security Risk?
I am writing a series of posts describing Information Security Risk, from concepts to analysis and management. This is the first, what is Information Security Risk itself. Defining risk is a source of much debate from semantic to philosophical. What is clear is that risk refers to our uncertainty about…
Insider Risk Management
Insiders are legitimate, trusted, individuals we rely on as part of our business activities.
Information Security Risk Universe
In my previous post, I introduced the concept of a ‘Risk Universe’ which I flesh out in more detail here. A Risk Universe provides a comprehensive view of the possible risks we face to aid in categorisation but also to act as a check on the scope of our risk…