There are different kinds of risk. Some are desirable. Doing business means taking risk to make money. The risk appetite will vary between companies and over time.
Other risks represent things going wrong in a company's everyday activities. We call them operational. You won't have an appetite for them. Instead, we talk of risk tolerance. When do you decide to close a factory, do things differently to avoid the potential cost? Operational risks are risks you don't want. Infosec risks among them.
(some of) my events
- 2018-05-28 Informationssäkerhet för ledare (teaching course, Luleå)
- 2018-05-23--25 Teknisk informationssäkerhet (teaching course, Stockholm)
- 2018-05-17 Three Capabilities in a Crisis (guest lecturing at Mid Sweden University, Östersund)
- 2018-05-16 Info.säkerhet är inte "någon annans problem" (lunch seminar at Mid Sweden University, Östersund)
- 2018-04-18--20 Operativ informationssäkerhet (teaching course, Stockholm)