Security Basics mailing list archives

'risk' (was: Re: Vulnerability Assessment Checklists?)


From: "Meritt James" <meritt_james () bah com>
Date: Wed, 03 Dec 2003 16:09:27 -0500

Concur in the extreme.  I recommend explicitly differentiating between
Programmatic Risk, Business Risk, Information Risk, and Technology Risk.
They are very different things and I have seen problems arise when
someone is looking for what they have seen in one (not what you have
done, though it has the same title "risk") and does not find it.  I spent a
while with the client pinning them down as to their expectations and
recommend that you do the same.

Jim

Muhammad Faisal Rauf Danka wrote:

Techno-babble might impress their IT staff, but for the management Business risk is more important than just the Technology risk.


-- 
James W. Meritt CISSP, CISA
Booz | Allen | Hamilton
phone: (410) 684-6566
