
Risk Decisions in an Imperfect World

by DevSecCon

In this talk, Mark Nunnikhoven will examine the challenge around identifying realistic threats to your work, various risk assessment models, and how to take a reasonable approach to making risk decisions with insufficient data.

What you'll learn

Security is often spoken of in absolutes. Is this secure? Is that insecure? The reality is that security is a spectrum. It is a series of implicit and explicit decisions made to meet the business needs within an acceptable risk tolerance. What is an acceptable risk? How can you determine what threats pose a risk to your work? How likely are those threats to occur? Is there data available to support these determinations? The answers to these questions are vague at best. This leads a lot of teams to practice security as a set of “best practices” with little understanding of what risk a control or process is supposed to address.

Table of contents

Risk Decisions in an Imperfect World
30 mins

About the author

DevSecCon is the global community dedicated to DevSecOps to help implement security in the overall development process. If you’re a security enthusiast & you want to learn more about how to better secure your team, then check out our community & resources.
