Secure Coding mailing list archives

Re: [article] When risk management goes bad


From: Christian Heinrich <christian.heinrich () cmlh id au>
Date: Tue, 24 Feb 2015 20:13:50 +1100

Gary,

On Sat, Feb 21, 2015 at 6:13 AM, Gary McGraw <gem () cigital com> wrote:
> I wrote my latest SearchSecurity article based on conversations I have been having with a number of CSOs and
> security execs.  It’s about what happens when risk management goes bad.  The biggest failure condition seems
> to be “ignoring the lows” entirely.

"High" technology risks, such as chained exploits, are "low" business
risks in the context of ISO 31000 et al.


-- 
Regards,
Christian Heinrich

http://cmlh.id.au/contact

_______________________________________________
Secure Coding mailing list (SC-L) SC-L () securecoding org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________
