The information technology revolution has changed the way business is transacted, governments operate, and national defense is conducted. Protection of these systems is essential and continuous efforts to protect them have resulted in exponential growth in reported security incidents. There are threats from hackers, spies, corporate raiders, terrorists, professional criminals, and vandals -- all of whom have a vested interest and well-defined objectives for challenging the technology for financial and political gain, leading to damages to the enterprise infrastructure.

corporate environment. In most situations, I figured out risk analysis should be kept simple to be
efficient so that it could be reviewed over and over as threats and the analysis perimeter evolve.
Theorizing the analysis is tempting but you bring additional complexity to an already non-trivial
process. Practical solutions derived from the traditional approaches are more likely to be efficient in
the long term as you can both manage risk efficiently and offer a better outlook to your company.
I have the same kind of feeling regarding asset value, a convenient way to get more budget but not an indicator I would put much trust in in most situations unless the financial department is willing to participate.
Link to this comment: http://www.securityfocus.com/comments/infocus/1896/1060#1060