funsec mailing list archives

Re: More bad news for risk management


From: valdis.kletnieks () vt edu
Date: Sun, 19 Aug 2012 11:29:25 -0400

On Sat, 18 Aug 2012 12:17:40 -0400, Jeffrey Walton said:
> On Fri, Aug 17, 2012 at 12:43 AM, Tomas L. Byrnes <tomb () byrneit net> wrote:
>> Ignoring risk is a perfectly valid way of managing it, if the return of
>> putting the resources into the risky endeavor exceeds the costs of
>> putting them into managing the risk.
> I know it's common practice, but I respectfully disagree. It's been my
> experience that most problems can be solved correctly from an
> engineering standpoint.

Reading comprehension fail.  Tomas's point is that yes, often there *is* an
engineering solution.  But if you invest $250K in an engineering solution for a
problem that only risks $100K loss, you're being stupid.  At that point, just
making a note that you have a potential $100K liability and getting on with
your life *is* the proper way to manage that risk.

(Of course, if the engineering solution only costs $10K, then yes it should be
pursued.  But only when it costs less than just ignoring the risk).


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
