After moderating a great panel on risk management, I spoke with David Mortman, Director of security and operations at C3. His panel had a lot of differing opinions over just the definition of risk and whether it was predictable or not.
One issue that came up was when you eliminate risk (e.g., require everyone to wear seatbelts) people become more reckless (e.g., drive faster) and therefore create a new risk. Mortman said that tradeoff is not necessarily a bad thing because there are now new benefits as people can get to locations faster and be more efficient.
Changing your risk for another isn’t necessarily a bad thing. The goal is to make an intelligible trade off for risk, and not just create it at random, said Mortman.
Mortman and I also talked about predicting risk at a macro or micro level. While it’s impossible to predict what a specific person will do next, you can do it in the aggregate.
Categories: IT Security and Data Protection