Security Basics mailing list archives
'risk' (was: Re: Vulnerability Assessment Checklists?
From: "Meritt James" <meritt_james () bah com>
Date: Wed, 03 Dec 2003 16:09:27 -0500
Concur in the extreme. I recommend explicitely differentiating between Programatic Risk, Business Risk, Information Risk, and Technology Risk. They are very different things and I have seen problems arise when someone is looking for what they have seen in one (not what you have done, though it has the same title "risk") and not find it. I spent a while with the client pinning them down as to their expectations and recommend that you do the same. Jim Muhammad Faisal Rauf Danka wrote:
Techno-babble, might impress their IT staff, but for the management Business risk is more important than just the Technology risk.
-- James W. Meritt CISSP, CISA Booz | Allen | Hamilton phone: (410) 684-6566 --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Vulnerability Assessment Checklists? Kim Clark (Dec 01)
- Re: Vulnerability Assessment Checklists? Marcos E. Rodriguez (Dec 01)
- RE: Vulnerability Assessment Checklists? dave kleiman (Dec 01)
- <Possible follow-ups>
- RE: Vulnerability Assessment Checklists? McGill, Lachlan (Dec 01)
- RE: Vulnerability Assessment Checklists? Random Task (Dec 04)
- RE: Vulnerability Assessment Checklists? Shawn Jackson (Dec 01)
- Re: Vulnerability Assessment Checklists? H Carvey (Dec 02)
- Re: Vulnerability Assessment Checklists? Muhammad Faisal Rauf Danka (Dec 03)
- 'risk' (was: Re: Vulnerability Assessment Checklists? Meritt James (Dec 03)