The Goal of Risk Management: Difference between revisions
From Cramsession
Jump to navigationJump to search
✍️ Verified Author: Mflavell • Click to view professional profile & credentials
No edit summary |
No edit summary |
||
| Line 1: | Line 1: | ||
[[Cybersecurity]] > [[Assessing Risk]] > The Goal of Risk Management | [[Cybersecurity]] > [[Assessing Risk]] > The Goal of Risk Management | ||
You cannot remove risk: | |||
| Line 6: | Line 8: | ||
* Providing additional layers of security (layers of cheese) reduces the likelihood of an attack. | * Providing additional layers of security (layers of cheese) reduces the likelihood of an attack. | ||
Additional layers however create additional problems: | Additional layers however create additional problems: | ||
* More room for configuration errors (most outages result from human error) | * More room for configuration errors (most outages result from human error) | ||
Revision as of 23:55, 16 May 2025
Cybersecurity > Assessing Risk > The Goal of Risk Management
You cannot remove risk:
- Risk cannot be completely eliminated.
- Providing additional layers of security (layers of cheese) reduces the likelihood of an attack.
Additional layers however create additional problems:
- More room for configuration errors (most outages result from human error)
- More expertise and expense to manage the system
- More latency or outages.
