Page one.   I will try to offer a little to those involved in information security, application security, business operations security, and infrastructure security.   I will also try to repeat a lot that bears repeating.

I believe that we need to train business and technology management,  leaders across all types of business, about effectively managing risk.  We need to offer reasonable alternatives to a simple hope that “loss will visit elsewhere — but not at my company, at least not on my watch.”

Ineffective risk management decision-making can result in net risk increase.

And the vast and varied application layer remains a risk-rich territory.

My thanks to for this service, and to Kevin Riggins at Infosec Ramblings for a nudge.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: