I was doing some reading on the distribute.it hack and stumbled onto a reference to a Risky Business podcast on Probablistic Risk Assessments. It’s a great argument as to why risk assessment does not work well in the information security space. The basic thesis is you can’t assign a probability to a serious attacker. […]
This post first appeared on Wings Of Hermes – Berin's Infosec Blog - Infosec, please read the originial post: here