http://www.wadewoolwine.com/2009/12/08/risk-acceptance-does-it-really-matter/ Thoughts and discussions on web technologies, security, and innovations. Thu, 02 Sep 2010 12:56:09 +0000 http://wordpress.org/?v=2.9.1-beta1 hourly 1 http://www.wadewoolwine.com/2009/12/08/risk-acceptance-does-it-really-matter/comment-page-1/#comment-155 Ben Fri, 11 Dec 2009 20:16:56 +0000 http://www.wadewoolwine.com/?p=143#comment-155 I was in a meeting a couple days ago when the "person in charge" uttered that "ok, we'll just accept that risk" phrase... I immediately thought of your post here since no real assessment had been done to fully quantify the "risk"... :) I was in a meeting a couple days ago when the “person in charge” uttered that “ok, we'll just accept that risk” phrase… I immediately thought of your post here since no real assessment had been done to fully quantify the “risk”…

]]> http://www.wadewoolwine.com/2009/12/08/risk-acceptance-does-it-really-matter/comment-page-1/#comment-153 Gracie Thu, 10 Dec 2009 18:14:06 +0000 http://www.wadewoolwine.com/?p=143#comment-153 Oh, ok. :) Thanks Wade! :) Oh, ok. Thanks Wade!

]]> http://www.wadewoolwine.com/2009/12/08/risk-acceptance-does-it-really-matter/comment-page-1/#comment-152 wadew Thu, 10 Dec 2009 17:29:43 +0000 http://www.wadewoolwine.com/?p=143#comment-152 I wasn't really considering low risk vulnerabilities. Theoretically, if the vulnerability can lead to a serious hack, it wouldn't be through a low risk issue. I wasn't really considering low risk vulnerabilities. Theoretically, if the vulnerability can lead to a serious hack, it wouldn't be through a low risk issue.

]]> http://www.wadewoolwine.com/2009/12/08/risk-acceptance-does-it-really-matter/comment-page-1/#comment-151 Gracie Thu, 10 Dec 2009 17:22:19 +0000 http://www.wadewoolwine.com/?p=143#comment-151 but what if you know the risk is Low and feel like you are giving a valuable response as a security officer that you recommend they accept the risk? but what if you know the risk is Low and feel like you are giving a valuable response as a security officer that you recommend they accept the risk?

]]> http://www.wadewoolwine.com/2009/12/08/risk-acceptance-does-it-really-matter/comment-page-1/#comment-150 wadew Wed, 09 Dec 2009 18:53:30 +0000 http://www.wadewoolwine.com/?p=143#comment-150 I assumed that the risk accepted by the executive/official was as a result of a finding from an assessment. As in, "yes, we acknowledge that there's a security hole, but we're willing to accept the risk". I assumed that the risk accepted by the executive/official was as a result of a finding from an assessment. As in, “yes, we acknowledge that there's a security hole, but we're willing to accept the risk”.

]]> http://www.wadewoolwine.com/2009/12/08/risk-acceptance-does-it-really-matter/comment-page-1/#comment-149 CG Wed, 09 Dec 2009 18:46:35 +0000 http://www.wadewoolwine.com/?p=143#comment-149 nothing happens when they get owned if they are blatantly at fault, why would something happen if they actually did a risk assessment... nothing happens when they get owned if they are blatantly at fault, why would something happen if they actually did a risk assessment…

]]>