Are you wasting your security dollars again??

I frequently write about attaining and measuring value in security, but I have never come across such a systematic and to-the-point analysis as Richard Bejtlich's TaoSecurity post. Here's an excerpt:

Are you secure? Prove it. These five words form the core of my recent thinking on the digital security scene. Let me expand "secure" to mean the definition I provided in my first book: Security is the process of maintaining an acceptable level of perceived risk. I defined risk as the probability of suffering harm or loss. You could expand my five word question into are you operating a process that maintains an acceptable level of perceived risk?

Thanks to Hoff's most excellent blog, Rational Survivability, for drawing my attention to it.

Categories: InfoSec, Peak Performance
  1. November 25, 2007 at 6:26 pm

    Steve, I like the definition that includes the element of fiscal responsibility: “Security is the process of reducing security risks to acceptable levels at an acceptable cost”. This definition is well-aligned with ISO-27001, which is a guideline standard that I like to apply to both physical and information systems security.
