funsec mailing list archives
Re: More bad news for risk management
From: valdis.kletnieks () vt edu
Date: Sun, 19 Aug 2012 11:29:25 -0400
On Sat, 18 Aug 2012 12:17:40 -0400, Jeffrey Walton said:
On Fri, Aug 17, 2012 at 12:43 AM, Tomas L. Byrnes <tomb () byrneit net> wrote:Ignoring risk is a perfectly valid way of managing it, if the return of putting the resources into the risky endeavor exceed the costs of putting them into managing the risk.I know its common practice, but I respectfully disagree. Its been my experience that most problems can be solved correctly from an engineering standpoint.
Reading comprehension fail. Tomas's point is that yes, often there *is* an engineering solution. But if you invest $250K in an engineering solution for a problem that only risks $100K loss, you're being stupid. At that point, just making a note that you have a potential $100K liability and getting on with your life *is* the proper way to manage that risk. (Of course, if the engineering solution only costs $10K, then yes it should be pursued. But only when it costs less than just ignoring the risk).
Attachment:
_bin
Description:
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- More bad news for risk management Rob, grandpa of Ryan, Trevor, Devon & Hannah (Aug 14)
- Re: More bad news for risk management Tomas L. Byrnes (Aug 16)
- Re: More bad news for risk management Jeffrey Walton (Aug 18)
- Re: More bad news for risk management valdis . kletnieks (Aug 19)
- Re: More bad news for risk management Stephanie Daugherty (Aug 19)
- Re: More bad news for risk management Jeffrey Walton (Aug 19)
- Re: More bad news for risk management Jeffrey Walton (Aug 19)
- Re: More bad news for risk management Tomas L. Byrnes (Aug 19)
- Re: More bad news for risk management Jeffrey Walton (Aug 18)
- Re: More bad news for risk management Tomas L. Byrnes (Aug 16)