Wentz’s Information Risk Model

What’s Risk?

  • Risk is “the effect of uncertainty on objectives”, ISO 31000
  • An effect is a positive or negative deviation from what is expected.

Business Mindset

  • A threat is a risk with a negative effect.
  • An opportunity is a risk with a positive effect.

Business Driver

  • Information Security is a business issue. It’s time for security professionals to think from both the perspective of opportunities and threats.
  • Information Security is a business enabler, and it may be a business driver if opportunities are taken into consideration.
  • Think about Facebook Libra!

Leave a Reply