What about risk?

« The business view of information security, part 2 | Main | OWASP in Eugene »

Risk is an important concept, but too often, bringing risk into a security discussion leads to more analysis and talk and not to productive action. I prefer productive action.

If your discussion is more abstract and includes terms such as confidentiality, integrity, availability, and non-repudiation, then maybe including the reduction of risk as a motivation is appropriate. But if you're in a meeting with the business and trying to determine concrete direction and actions, then I'd recommend that you translate risk into controlling business disruptions related to unauthorized access. Then you have something definite to talk about and measure.

Kevin Kenan on January 23, 2008 in Building a Security Program | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a00d83420496153ef00e54ffb1c328834

Listed below are links to weblogs that reference What about risk?:

Comments

You can follow this conversation by subscribing to the comment feed for this post.

Verify your Comment

Previewing your Comment

Posted by: |

This is only a preview. Your comment has not yet been posted.

Your comment could not be posted. Error type:

Your comment has been posted. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.

About

A blog by Kevin Kenan about technology, security, and the ancient craft of programming.
You might also be interested in checking out TeXTARIUM, where I chat about fiction, music, and the pursuit of the perfect shot of espresso.

My Book

Cryptography in the Database: The Last Line of Defense

My book on using cryptography to protect information stored in a database. Published by Addison-Wesley and Symantec Press. Read more at the book's site. The source code is available for download.

Dedication

My grandfather had a wonderful shop in his basement. To me, it was a place of mystery and fascination, and I would spend hours wandering through it, looking at all the tools and projects in various states of completion. Not being much of a wood worker, I've never had the need for such a shop (not to mention that I lack a basement), but recently it occurs to me that my gear, computers, and software are my shop. This site is for my late grandfather and everyone else who takes personal pride in carefully executed work.

Subscribe to this blog's feed

0xC0DE Shop