Among the first decisions a risk practitioner faces is whether to express risk
quantitatively or qualitatively. We consider this framing to be a red herring.
The meaningful distinction is not between methods,
but between results.
Random thoughts
Content
Latest
Every organisation has its own reasons for protecting information,
shaped by what it does, who it serves, and what it is trying to achieve.
In this post we look at why information security matters now more than ever.
Most of us understand risk as something ominous:
a danger, a threat, something that could go wrong.
Yet we celebrate risk-taking as bravery.
If we are rational beings, however,
how can we hold both of these conflicting beliefs simultaneously?