I never like to see the term ‘impact’. Its not a metric. I discuss how length, temperature, weight, are metrics whereas speed, acceleration, entropy are derived values. In the same sense, ‘impact’ is a derived value – “the cost of the harm to an asset”. The value of an asset …
Image via Wikipedia Take a look at this article. http://www.zdnet.com/blog/security/security-engineering-broken-promises/6503 You’re back? What did you think of it? OK, now look again, scroll down the section titled “Risk Management“. It picks up on a number of themes I’ve discussed and has this interesting observation: Prioritization of security efforts is a …
“Risk” is not a primary metric. What do I mean by that? Primary metrics you can measure easily. In physics they are things like length, weight, temperature, time-duration. Secondary metrics most people can understand: rate of change that we call speed (length as distance and elapsed time). Some secondary and …
What we had drilled into us when I worked in Internal Audit and when I was preparing for the CISA exam was the following RISK is the PROBABILITY that a THREAT will exploit a VULNERABILITY to cause harm to an ASSET R = f(T, V, A) Why do you think …
© 2013 The InfoSec Blog
Powered by Esplanade Theme by One Designs and WordPress