Full Disclosure mailing list archives

RE: Learn from history?


From: Steffen Kluge <kluge () fujitsu com au>
Date: Tue, 11 May 2004 17:23:25 +1000

On Tue, 2004-05-11 at 00:50, Michal Zalewski wrote:
> R = E x p
>
> R = Risk
> E = event
> p = probability of the event happening
>
> If we must toy with bogus marketspeak "equations", shouldn't E - at the
> very least - numerically correspond to the consequences (loss?) caused by
> an event, rather than being an event itself?

Of course. Prevalent risk management standards put "impact" in the place
of "event" (which isn't quantifiable anyway). And they don't use an
arithmetic product to combine impact and likelihood, but rather a
matrix, which is not linear but closer to reality.

> Otherwise, my risk R of getting a bar of chocolate from a stranger is
> 0.001 * getting_chocolate_bar_from_stranger.

Having avoided carbs for quite a while I can't really comment...

Cheers
Steffen.

Attachment: signature.asc
Description: This is a digitally signed message part

