We like to think of Security Risk Management as an objective practice. After all - if stakeholders are expected to foot the bill for mitigating risk, they will want to base such a decision on solid ground. They need facts, don't they?
Hold it right there.
What is a fact about risk? Risk concerns potential future events. What facts do we have about the future? That's right. None, whatsoever.
So, in the absence of facts - what can we offer? Is there such a thing as an objective risk assessment?
(some of) my events
- 2021-06-15--16 Stockholm Criminology Symposium (attending conference)
- 2021-04-15 Certifierad IT-arkitekt (guest lecturing, Stockholm)
- 2021-03-29--06-04 Hållbar utveckling ur ett säkerhetsperspektiv (taking course, Karlstad University)
- 2021-01-18--06-04 Besluts- och riskanalys 3 (taking course, University of Gävle)
- 2021-01-27--29 Digital Humanities Now (attending conference)
