Among the first decisions a risk practitioner faces is whether to express risk
quantitatively or qualitatively. We consider this framing to be a red herring.
The meaningful distinction is not between methods,
but between results.
Managing risk
Content
Two approaches to managing risk
What is risk, and why bother managing it?
Latest
Every organisation has its own reasons for protecting information,
shaped by what it does, who it serves, and what it is trying to achieve.
In this post we look at why information security matters now more than ever.
Most of us understand risk as something ominous:
a danger, a threat, something that could go wrong.
Yet we celebrate risk-taking as bravery.
If we are rational beings, however,
how can we hold both of these conflicting beliefs simultaneously?