Ranum's rants: The anatomy of security disasters

Friday, 27 March 2009, 8:44 AM EST

Our challenge, as security practitioners, has always been to balance risk the tradeoff between the danger of doing something and the opportunity it presents. Since were not working in a field where the probabilities are simple, like they are on a roulette wheel, weve had to resort to making guesses, and trying to answer unanswerable questions. I dont know a single senior security practitioner who has not, at some point or other, had to defend an estimated likelihood of a bad thing happening against an estimated business benefit. In those cases, the result has less to do with security and more to do with whose meeting-organizational skills are superior, or whos better at explaining their viewpoint. Ive seen major security-critical business decisions get made based on whose golf buddy runs what business unit Im very skeptical of the notion that "Risk Management" has any value beyond the butt-covering obviousness of having made an attempt.

At the Tenable blog.

[ Read more ]




Spotlight

The synergy of hackers and tools at the Black Hat Arsenal

Posted on 27 August 2014.  |  Tucked away from the glamour of the vendor booths and the large presentation rooms filled with rockstar sessions, was the Arsenal - a place where developers were able to present their security tools and grow their community.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Wed, Aug 27th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //