Title:
Flushing Away Preconceptions of Risk
Abstract:
Risk is often seen as a dirty word in business. It is a thing that needs to be reduced to nothing, and has no possible good use in an organization, especially a security programme.
This couldn’t be more wrong! Risk is an inherent part of any business, and yet it is often poorly recognized and leveraged in the security organisation. In this presentation Thom will look at three areas of the risk conundrum to open the veil on the elusive art of understanding and ultimately measuring risk:
- The initial interpretation of risk and how it is often misunderstood.
- The measurement of risk, and how some systems work and other don’t.
- The effective treatment of risk, and how sometimes the obvious thing to do can be the wrong thing to do.
With the use of analogies and examples, the audience will appreciate that risk assessment, measurement and management is not always as straightforward as it might first seem. The audience will leave with a new appreciation of how risk can be leveraged for good, and not just perceived as bad.
Duration:
45-50 minutes
Presented at:
44CON September 2014
Feedback: Speaker Score: 4.75/5 (standard deviation of .49), Content Score 4.63/5
IT Security Forum October 2014
Feedback: Speaker Score: 4.47/5, Quality 4.47/5, Content 4.41/5, Meets Needs 4.24/5
Comments: “A bit black and white”, “Use a more palatable analogy”, “A good light touch on risk assessment” & “Very enjoyable”
e-Crime & Information Security Congress, Amsterdam November 2014 (scheduled)
A look at how bad humans are at not only perceiving risk, but also measuring and addressing it, using analogies that will never be forgotten! Duration can also be cut down by 15-30 minutes be reducing removing sections as requirements demand.
Slides:
Thom Langford 