I’ve been talking with a lot of companies lately about risk. Many of them want to formalize their approach to classifying systems, data, business processes, people, etc. using a more formal risk program, such as FAIR, OCTAVE, and the like. These models often seem fairly complex, and the net effect I’m seeing is that lots [...]


Loading content...