Interesting listen (NSA's Brian Snow on risk-based security): https://t.co/MwSi8KE8kA "Basically it boils down to the fact that it's impossible to assign a likelihood to an unknown attack. So how on earth did risk-based security become the 'standard' way of doing things in the enterprise? What use is a risk register if high-impact, low-likelihood adverse events can't be reliably quantified?"
See Tweet