Ranum's rants: The anatomy of security disasters

Friday, 27 March 2009, 8:44 AM EST

Our challenge, as security practitioners, has always been to balance risk the tradeoff between the danger of doing something and the opportunity it presents. Since were not working in a field where the probabilities are simple, like they are on a roulette wheel, weve had to resort to making guesses, and trying to answer unanswerable questions. I dont know a single senior security practitioner who has not, at some point or other, had to defend an estimated likelihood of a bad thing happening against an estimated business benefit. In those cases, the result has less to do with security and more to do with whose meeting-organizational skills are superior, or whos better at explaining their viewpoint. Ive seen major security-critical business decisions get made based on whose golf buddy runs what business unit Im very skeptical of the notion that "Risk Management" has any value beyond the butt-covering obviousness of having made an attempt.

At the Tenable blog.

[ Read more ]




Spotlight

Fighting malware, emerging threats and AI

Posted on 24 November 2014.  |  Liran Tancman is the CEO of CyActive, a predictive cyber security company. In this interview he talks about fighting malware, emerging threats, artificial intelligence and the cloud.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Tue, Nov 25th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //