Improving signal-to-noise in risk management

One of the most important responsibilities of the information security professional (or any IT professional, for that matter) is to help management make well-informed decisions. Unfortunately, this has been an elusive objective when it comes to risk. Although we’re great at identifying control deficiencies, and we can talk all day long about the various threats we face, we have historically had a poor track record when it comes to risk. There are a number of reasons for this, but in this article I’ll focus on just one — definition.

Read more: Improving signal-to-noise in risk management

Story added 28 January 2013; the full text is available from the content source at the link above.