Risk should be objectively identified.
This implies establishing timing and scope in such a way that best supports the decision situation which triggered this SRA.
We must also capture the most important risk components and successfully construct combinations which constitute the most relevant risks within scope.
Objectivity in risk identification requires complete knowledge of our system as well as existing threat sources and vulnerabilities plus unlimited creativity and a total lack of bias.
(some of) my events
- 2018-05-28 Informationssäkerhet för ledare (teaching course, Luleå)
- 2018-05-23--25 Teknisk informationssäkerhet (teaching course, Stockholm)
- 2018-05-17 Three Capabilities in a Crisis (guest lecturing at Mid Sweden University, Östersund)
- 2018-05-16 Info.säkerhet är inte "någon annans problem" (lunch seminar at Mid Sweden University, Östersund)
- 2018-04-18--20 Operativ informationssäkerhet (teaching course, Stockholm)