List Info

Thread: Re: RE: UNH Cyber Threat Calculator
Re: RE: UNH Cyber Threat Calculator
user name
 2007-02-20 09:44:39 
Hold the phone a minute....

All this talk of "Risk Analysis" and all I see
from the UNH press release is discussion of
"Threat".  A big difference, no?

While impacts are institution specific and probabilities are
always tough to calculate (lack of loss data), threats are
reasonably straightforward to calculate and a valid, usable
indicator of risk, no?

Write you answers on the back of a Pioneer PureVision
60" Flat-Panel Plasma HDTV and send to........
RE: RE: UNH Cyber Threat Calculator
user name
 2007-02-20 13:44:15 
This touches on why I think nomenclature really matters

http://securitybuddha.com/2007/02/01/nomenclature-matt
ers/

Now Monsieur V, as a CSO, what do you look for in a RA
methodology? Do you
hold time for quantitative RA's? Have you looked at FAIR?

Monsieur C.

Blog - http://www.securitybudd
ha.com
Fun - http://www.securitybu
llshit.com

-----Original Message-----
From: listbouncesecurityfocus.com [mailto:listbouncesecurityfocus.com] On
Behalf Of denis.verdonfnf.com
Sent: Tuesday, February 20, 2007 4:45 PM
To: psrcsecurityfocus.com
Subject: Re: RE: UNH Cyber Threat Calculator

Hold the phone a minute....

All this talk of "Risk Analysis" and all I see
from the UNH press release is
discussion of "Threat".  A big difference, no?

While impacts are institution specific and probabilities are
always tough to
calculate (lack of loss data), threats are reasonably
straightforward to
calculate and a valid, usable indicator of risk, no?

Write you answers on the back of a Pioneer PureVision
60" Flat-Panel Plasma
HDTV and send to........
[1-2]

about | contact  Other archives ( Real Estate discussion Medical topics )