Secure Coding mailing list archives
Re: [article] When risk management goes bad
From: Christian Heinrich <christian.heinrich () cmlh id au>
Date: Tue, 24 Feb 2015 20:13:50 +1100
Gary,

On Sat, Feb 21, 2015 at 6:13 AM, Gary McGraw <gem () cigital com> wrote:
> I wrote my latest SearchSecurity article based on conversations I have been having with a number of CSOs and security execs. It’s about what happens when risk management goes bad. The biggest failure condition seems to be “ignoring the lows” entirely.

"High" technology risks, such as chained exploits, are "low" business risks in the context of ISO 31000 et al.

--
Regards,
Christian Heinrich
http://cmlh.id.au/contact