Giving a talk at ATLSecCon on Thursday April 9 at 3pm. The thesis: cybersecurity is always and everywhere a risk management function.
Frameworks, certs, Bodies of Knowledge — everyone has an answer to how we should do security. But ask "what are we actually trying to accomplish?" and things get quieter.
Rick Howard's formulation: reduce the probability of a material cyber event in the next business cycle. Not perfect security. Not audit compliance. Risk.
Come tell me I'm wrong.
-
@infosecstoic cool, I'm looking forward to hearing it but expect nothing from me but confirmation bias