Ranum's rants: The anatomy of security disasters

Friday, 27 March 2009, 8:44 AM EST

Our challenge, as security practitioners, has always been to balance risk the tradeoff between the danger of doing something and the opportunity it presents. Since were not working in a field where the probabilities are simple, like they are on a roulette wheel, weve had to resort to making guesses, and trying to answer unanswerable questions. I dont know a single senior security practitioner who has not, at some point or other, had to defend an estimated likelihood of a bad thing happening against an estimated business benefit. In those cases, the result has less to do with security and more to do with whose meeting-organizational skills are superior, or whos better at explaining their viewpoint. Ive seen major security-critical business decisions get made based on whose golf buddy runs what business unit Im very skeptical of the notion that "Risk Management" has any value beyond the butt-covering obviousness of having made an attempt.

At the Tenable blog.

[ Read more ]




Spotlight

Windows 0-day exploited in ongoing attacks, temporary workarounds offered

Posted on 22 October 2014.  |  A new Windows zero-day vulnerability is being actively exploited in the wild and is primarily a risk to users on servers and workstations that open documents with embedded OLE objects.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Thu, Oct 23rd
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //