hi sc-l,
I wrote my latest SearchSecurity article based on conversations I have been
having with a number of CSOs and security execs. It’s about what happens when
risk management goes bad. The biggest failure condition seems to be “ignoring
the lows” entirely.
Anyway, have a read and pass
Gary,
On Sat, Feb 21, 2015 at 6:13 AM, Gary McGraw g...@cigital.com wrote:
I wrote my latest SearchSecurity article based on conversations I have been
having with a number of CSOs and
security execs. It’s about what happens when risk management goes bad. The
biggest failure condition
hi christian,
Good point.
A combined risk score based on “SIL” levels is what I was using in my
article. The combination risk score takes into account both technology
risk and business risk. Using one component or the other alone is folly.
gem
On 2/24/15, 4:13 AM, Christian Heinrich