One of the most important responsibilities of the information security professional (or any IT professional, for that matter) is to help management make well-informed decisions. Unfortunately, this has been an elusive objective when it comes to risk. See more: http://www.zdnet.com/improving-signal-to-noise-in-risk-management-7000010379/
The CXOWARE Blog
Welcome to the CXOWARE blog. We hope you’ll join us for lively and good-natured discussion about risk and risk issues! We’re risk geeks, plain and simple. We’re big advocates of the Factor Analysis of Information Risk (FAIR) framework for quantifying risk.