One Article Review

The article:
Source NoticeBored
Identifier 1495744
Publication date 2019-11-29 06:59:00 (seen: 2020-01-03 15:00:04)
Title NBlog Nov 28 - risks, dynamics and strategies
Text Of information risk management, "It's dynamic" said my greybeard friend Anton Aylward - a good point that set me thinking as Anton so often does. Whereas normally we address information risks as if they are static situations using our crude risk models and simplistic analysis, we know many things are changing ... sometimes unpredictably, although often there are discernible trends. On Probability-Impact Graphs (PIGs), it is possible to represent changing risks with arrows or trajectories, or even time-sequences. I generated an animated GIF PIG once showing how my assessment of malware risks had changed over recent years, with certain risks ascending (and projected to increase further) whereas others declined (partly because our controls were reasonably effective). It's tricky though, and highly subjective ... and the added complexity/whizz-factor tends to distract attention from the very pressing current risks, plus the uncertainties that make evaluating and treating the risks so, errrr, risky (e.g. I didn't foresee the rise of cryptomining malware, and who knows what novel malware might suddenly appear at any time?). A simpler approach is to project or imagine what will be the most significant information risks for, say, the year or two or three ahead. You don't need many, perhaps as few as the "top 5" or "top 10", since treating them involves a lot of work, while other risks are often also reduced coincidentally as controls are introduced or improved. It's possible to imagine/project risks even further out, which may suit a security architec
Sent Yes
Tags Malware


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.