What’s Risk?

• Risk is “the effect of uncertainty on objectives”, ISO 31000
• An effect is a positive or negative deviation from what is expected.

Business Mindset

• A threat is a risk with a negative effect.
• An opportunity is a risk with a positive effect.

Business Driver

• Information Security is a business issue. It’s time for security professionals to think from both the perspective of opportunities and threats.
• Information Security is a business enabler, and it may be a business driver if opportunities are taken into consideration.
• Think about Facebook Libra!