Risk Management - Time to blow it up and start over?

BsidesSF 2010

Presented by: Nelson Murilo
Date: Wednesday March 03, 2010
Time: 15:00 - 16:00
Location: ParaSoma

Now that the industry is trying to formalize the concept of risk management into neat little compartments like standards (ISO 27005/31000), certifications (CRISC) and products (GRC), guess what? We're doing it wrong. Fundamentally wrong. This talk will discuss why all this current risk management stuff is goofy and what sort of alternatives we have that might help us understand our ability to protect, our tendency towards failure, and how to match that up with what management will stomach.

