3. The Value of Reducing Risk
• If Security Risk Management is a Business
Decision, then we need to understand the
cost and the value
• What is the Cost?
– Frequency and Impact!
– What are organizations collecting?
• Frequency!
4. Example of Collected Data
70
60
50
40
30
20
10
0
Unauthorized Probes Denial of Viruses
Access Service
Where is the impact?