Throughout this text, we try not to offer too many modelling rules. Instead, the focus lies on techniques that readers will be able to put together as necessary to produce a good model of their particular problem. However, there are a few basic principles that are worth adhering to. Morgan and Henrion (1990) offer excellent "ten golden rules" in relation to quantitative risk and policy analysis. You might want to print these out as a big poster to put on your office's wall.
....
Unfortunately, information security risk decisions are often undermined by the following problems:
Decisions are made without visibility into the risk and without sufficient understanding of the business context in which the risk is (or is not) relevant.
Often, technology is acquired to enable a single business initiative without knowledge of the business’s entire risk portfolio, risk tolerance, liability, and business goals. As a result, financial and operational resources are poorly allocated, with less important business assets and processes receiving too much investment and those that are more critical receiving too little. ....