Former NSA and CIA director recommends managing consequences instead of vulnerabilities
The Risk Equation focuses all the attention on risk. In real life, that means threats, vulnerabilities, and consequences/costs are only important in that they are components in determining risk. Those inclined towards math will notice something interesting about this equation — when any one of the factors (threats, vulnerabilities, or consequences/costs) is zero or nonexistent, there is no risk.
Tippett adds, "By drilling down into each component, you'll often conclude that there's no risk — or at least no imminent risk — because at least one component of risk is zero or near zero."
To determine a value for each of the equation variables, Tippet suggests assigning weight to a series of questions that apply to each component. For example, questions for threat rate might include...
No comments:
Post a Comment