The Challenge of Adequately Defining Technical Risk

Abstract: Chapter 2 investigates the risk and compliance conundrum as fundamental principles that better inform the governance of cyber security in organizations. Public cloud computing examples are used to highlight the deficiencies of legacy risk assessment methods but also to provide a stark warning about using compliance mapping approaches instead of considered security control implementations. Ultimately using blanket compliance frameworks does not necessarily influence, but rather conversely, creates a vacuum that… Show more