Risk Decisions in an Imperfect World

Mark Nunnikhoven at All The Talks 2020 - DevOps

Security is often spoken of in absolutes. Is this secure? Is that insecure? The reality is that security is a spectrum. It is a series of implicit and explicit decisions made to meet the business needs within an acceptable risk tolerance.

What is an acceptable risk? How can you determine what threats pose a risk to your work? How likely are those threats to occur? Is there data available to support these determinations?

The answers to these questions are vague at best. This leads a lot of teams to practice security as a set of “best practices” with little understanding of what risk a control or process is supposed to address.

In this talk, we’ll examine the challenge around identifying realistic threats to your work, various risk assessment models, and how to take a reasonable approach to making risk decisions with insufficient data.

Mark Nunnikhoven
Vice President, Cloud Research at Trend Micro

Cybersecurity is hard. When viewed through a traditional lens, security is focused on stopping bad things from happening. That's part of the picture, but only a very narrow slice. There is a better way.

Mark is a forensic scientist and security leader who has spent more than 20 years helping to defend private and public systems from cybercriminals, hackers, and nation states. A sought-after speaker, writer, and technology pundit, his message is simple: secure and private systems are a requirement in today's world, not a luxury.