Page one. I will try to offer a little to those involved in information security, application security, business operations security, and infrastructure security. I will also try to repeat a lot that bears repeating.
I believe that we need to train business and technology management, leaders across all types of business, about effectively managing risk. We need to offer reasonable alternatives to a simple hope that “loss will visit elsewhere — but not at my company, at least not on my watch.”
Ineffective risk management decision-making can result in net risk increase.
And the vast and varied application layer remains a risk-rich territory.