funsec mailing list archives

Re: More bad news for risk management

From: Jeffrey Walton <noloader () gmail com>
Date: Sat, 18 Aug 2012 12:17:40 -0400

Hi Tom,

On Fri, Aug 17, 2012 at 12:43 AM, Tomas L. Byrnes <tomb () byrneit net> wrote:

Ignoring risk is a perfectly valid way of managing it, if the return of
putting the resources into the risky endeavor exceed the costs of
putting them into managing the risk.

I know its common practice, but I respectfully disagree. Its been my
experience that most problems can be solved correctly from an
engineering standpoint. Risk acceptance (or ignoring risk) is often
used as a way to justify the sale or use of a defective product or
service.

Waiting or hoping for corporations to do the right thing is futile for
most corporations. Asking folks like you and I to use a defective
product because management wants to persue profits is a pervision. All
the more reason we (consumers and users) need strong liability and
merchanibility laws; and corporate boards should be held personably
liable for the negligence.

It's probably hard wired into our psyche.

Not all of the people all of the time ;)

Jeff

-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org]
On Behalf Of Rob, grandpa of Ryan, Trevor, Devon & Hannah
Sent: Tuesday, August 14, 2012 3:03 PM
To: funsec () linuxbox org
Cc: infosecbc () yahoogroups com
Subject: [funsec] More bad news for risk management

Overconfidence make you successful in business.

http://www.dailymail.co.uk/sciencetech/article-2188148/Sir-Alan-Sugar-ef
fect-
Overconfidence-make-successful-workplace.html

Not just confidence, mind you, *over*confidence.

Add in the Dunning-Kruger effect:
http://www.spring.org.uk/2012/06/the-dunning-kruger-effect-why-the-
incompetent-dont-know-theyre-incompetent.php

... and the Peter Principle:
http://en.wikipedia.org/wiki/Peter_Principle

... and you start to realize why all those huge banks keep failing ...

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Current thread:

More bad news for risk management Rob, grandpa of Ryan, Trevor, Devon & Hannah (Aug 14)
- Re: More bad news for risk management Tomas L. Byrnes (Aug 16)
  - Re: More bad news for risk management Jeffrey Walton (Aug 18)
    - Re: More bad news for risk management valdis . kletnieks (Aug 19)
    - Re: More bad news for risk management Stephanie Daugherty (Aug 19)
    - Re: More bad news for risk management Jeffrey Walton (Aug 19)
    - Re: More bad news for risk management Jeffrey Walton (Aug 19)
    - Re: More bad news for risk management Tomas L. Byrnes (Aug 19)