How to assess risk – Part I: Asking the right questions
It seems to me that self-assessment of risk is a difficult process to understand and execute, primarily because the employees who are asked to assess the risk in their business process a) don’t really understand the notion of risk and b) don’t really care. Let’s face it – risk is difficult to understand, since it […]
The problem of security information sharing
In a previous post, “Sharing security information”, I suggested that fragmentation of knowledge is a root cause of security breaches. I was thinking about the problem of sharing data loss information this past week and I realized that we are saturated with solutions, technologies, policies, security frameworks and security standards – COBIT, ISO27001 etc. The […]