Many methods for analysing Information Security Risks use the terms assets, information assets or business assets interchangeably. This is a common foundation of Information Security risk analysis, often providing a guide to the business impact of a risk being realised in particular systems that hold or access these assets. The…
Tag: security
Value of Security
The role of security in business is constantly up for debate; a growing movement in the UK around adopting some of Simon Wardley’s approaches to strategy to a security strategy has started some interesting conversations again. For years security was seen as the department of no or the guys that…
Unmitigated Surprise and Why Robust Risk Identification Matters
I have been rediscovering my security risk management roots recently and developing the components of a quantitative approach to security risk management. I am picking up the risk books I put down in 2008 when Cyber became the new brand for information security. At that time I became much more…
Good security is a conversation, not an argument. Part Two.
In my previous post, I outlined why I feel the lack of good conversations between security practitioners and other people in their organisations leads to poor outcomes. A crucial part of the challenge is the need to truly develop a dialogue: both parties need to listen to the other. “This…
Good security is a conversation, not an argument. Part One.
Successful security teams are in a conversation with the rest of their organisation about managing security risk; unsuccessful teams are always in an argument. Security risk management has to be a conversation. No one individual or group can own or fully control this risk due to the complex, interdependent and…