Risk Decisions in an Imperfect World
In this talk, Mark Nunnikhoven will examine the challenge of identifying realistic threats to your work, various risk assessment models, and how to take a reasonable approach to making risk decisions with insufficient data.
Security is often spoken of in absolutes. Is this secure? Is that insecure? The reality is that security is a spectrum. It is a series of implicit and explicit decisions made to meet the business needs within an acceptable risk tolerance. What is an acceptable risk? How can you determine which threats pose a risk to your work? How likely are those threats to occur? Is there data available to support these determinations? The answers to these questions are vague at best. This leads many teams to practice security as a set of “best practices” with little understanding of what risk a given control or process is supposed to address.
Author Name: DevSecCon
Author Description:
DevSecCon is the global community dedicated to DevSecOps to help implement security in the overall development process. If you’re a security enthusiast & you want to learn more about how to better secure your team, then check out our community & resources.