Defending against Actual IT Threats
Roger Grimes has written an interesting paper: “Implementing a Data-Driven Computer Security Defense.” His thesis is that most organizations don’t match their defenses to the actual risks. His paper explains how it got to be this way, and how to fix it.
NOT [FATE] A = <CHANCE> NOT A • November 27, 2015 9:01 AM
By risk we do mean expectation value Risk = Pr(x)*Cost(x) and not just Pr(x)?