a useless paradigm?

Some argue that risk is a useless paradigm when a breach has occurred. It is happening, probability 100%, why theorize further?

To me, this analysis is surprisingly shallow.

Being under attack is not a binary thing, it is not about an enterprise losing its virginity once and for all. Sure, we must deal urgently with the current incident. But there's a host of potential events awaiting tomorrow which need to be foreseen and prevented.

Today's incident enlightens us in assessing current risk.

No comments: