Speaker
Mr
James Bore
Description
Risk management is at the core of what we do in security, and yet is used as much of an excuse not to pursue security as to follow it.
This talk will look at removing likelihood from the risk management equation and taking a whole new approach in communicating risk. Instead of heatmaps or four by four boxes, we will look at assessing risks through scenario exercises to determine if the impact of the event is acceptable and requires no action, or not acceptable and needs controls applies.
Most importantly, we'll look at using scenarios without resorting to FUD (fear, uncertainty, and doubt) to highlight genuine concerns without diving into hyperbole.
Talk length | 45 |
---|---|
Have you presented this talk before | No |
Primary author
Mr
James Bore