Home page logo

basics logo Security Basics mailing list archives

'risk' (was: Re: Vulnerability Assessment Checklists?
From: "Meritt James" <meritt_james () bah com>
Date: Wed, 03 Dec 2003 16:09:27 -0500

Concur in the extreme.  I recommend explicitely differentiating between
Programatic Risk, Business Risk, Information Risk, and Technology Risk. 
They are very different things and I have seen problems arise when
someone is looking for what they have seen in one (not what you have
done, though it has the same title "risk") and not find it.  I spent a
while with the client pinning them down as to their expectations and
recommend that you do the same.


Muhammad Faisal Rauf Danka wrote:

Techno-babble, might impress their IT staff, but for the management Business risk is more important than just the 
Technology risk.

James W. Meritt CISSP, CISA
Booz | Allen | Hamilton
phone: (410) 684-6566


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]