http://emergentchaos.com/archives/2008/09/risk-managers-are-just-like-security-people.html The Emergent Chaos Jazz Combo Fri, 12 Mar 2010 02:36:43 +0000 http://wordpress.org/?v=2.9.2 hourly 1 http://emergentchaos.com/archives/2008/09/risk-managers-are-just-like-security-people.html/comment-page-1#comment-5020 Davi Ottenheimer Wed, 10 Sep 2008 01:58:39 +0000 http://emergentchaos.com/?p=2883#comment-5020 yes, the basel ii accord is a good example of how information technology, financial and operational risk can be related to each other and managed together. yes, the basel ii accord is a good example of how information technology, financial and operational risk can be related to each other and managed together.

]]> http://emergentchaos.com/archives/2008/09/risk-managers-are-just-like-security-people.html/comment-page-1#comment-5019 Rick Tue, 09 Sep 2008 23:59:00 +0000 http://emergentchaos.com/?p=2883#comment-5019 There is no surprise in this comment. And in fact, I become more inclined to the idea that Information security is part of the operational risk domain and thus a lot of similarities. There is no surprise in this comment. And in fact, I become more inclined to the idea that Information security is part of the operational risk domain and thus a lot of similarities.

]]> http://emergentchaos.com/archives/2008/09/risk-managers-are-just-like-security-people.html/comment-page-1#comment-5018 Alex Tue, 09 Sep 2008 15:12:56 +0000 http://emergentchaos.com/?p=2883#comment-5018 I'm often thinking that economics suffers mainly because the scientific method they apply to their models has more immediate societal "risk" associated with them being wrong than, say, a theory on the extinction of dinosaurs or obscure models built around Phosphorus 31 NMR spectral properties. (see the overcomingbias.com article by Hanson about 'hate' and economists). My current line of thought is that "Security" (or Information Risk Management if you're so inclined) suffers similarly because of the perceived probable impact - not only in *not* addressing the risk because of unplanned cost increases, but just the act of addressing the risk is personally painful. This is an organizational behavior problem, and that's a discipline that we're just not that good at yet (possibly because we've dons so poorly on the risk thing). I’m often thinking that economics suffers mainly because the scientific method they apply to their models has more immediate societal “risk” associated with them being wrong than, say, a theory on the extinction of dinosaurs or obscure models built around Phosphorus 31 NMR spectral properties. (see the overcomingbias.com article by Hanson about ‘hate’ and economists).
My current line of thought is that “Security” (or Information Risk Management if you’re so inclined) suffers similarly because of the perceived probable impact – not only in *not* addressing the risk because of unplanned cost increases, but just the act of addressing the risk is personally painful. This is an organizational behavior problem, and that’s a discipline that we’re just not that good at yet (possibly because we’ve dons so poorly on the risk thing).

]]>