Risk Decisions in an Imperfect World

In this talk, Mark Nunnikhoven will examine the challenge around identifying realistic threats to your work, various risk assessment models, and how to take a reasonable approach to making risk decisions with insufficient data.
Course info
Level: Intermediate
Updated: Oct 7, 2020
Duration: 30m

Description

Security is often spoken of in absolutes. Is this secure? Is that insecure? The reality is that security is a spectrum. It is a series of implicit and explicit decisions made to meet the business needs within an acceptable risk tolerance. What is an acceptable risk? How can you determine what threats pose a risk to your work? How likely are those threats to occur? Is there data available to support these determinations? The answers to these questions are vague at best. This leads a lot of teams to practice security as a set of “best practices” with little understanding of what risk a control or process is supposed to address. In this talk, Mark Nunnikhoven will examine the challenge around identifying realistic threats to your work, various risk assessment models, and how to take a reasonable approach to making risk decisions with insufficient data.

About the author

DevSecCon is the global community dedicated to DevSecOps to help implement security in the overall development process.
