1.4 Prioritizing Risks

Alice is lucky; larger enterprises are faced with many more risks. A really long list poses a challenge: Can we address all risks; if not, which do we address first? Naturally, we want to protect against the next attack, whatever it might be. We can’t predict the future, so we must make our best guess.

We can aid our decision-making by analyzing the risks and estimating their relative significance. The estimate compares the risks’ relative costs over time. We estimate the impact of the risk’s occurrence. We then estimate how often the risk might occur. To illustrate, we first calculate the significance of a shoplifter stealing Alice’s laptop. Then we apply the same approach to all 11 of Alice’s risks.

We calculate ...
