Risk should be objectively identified.
This implies establishing timing and scope in such a way that best supports the decision situation which triggered this SRA.
We must also capture the most important risk components and successfully construct combinations which constitute the most relevant risks within scope.
Objectivity in risk identification requires complete knowledge of our system as well as existing threat sources and vulnerabilities plus unlimited creativity and a total lack of bias.
(some of) my events
- 2019-05-15--17 Teknisk informationssäkerhet (teaching course, Stockholm)
- 2019-04-09--11 Operativ informationssäkerhet (teaching course, Stockholm)
- 2019-03-27 Beyond the Static InfoRisk Assessment (presenting at Åre Risk Event)
- 2019-03-06--08 Strategisk informationssäkerhet (teaching course, Stockholm)
- 2019-02-07 Säkerhetsarkitektur - ingenjörskonst eller hantverk? (hosting seminar in Falun)