QOTD on Security vs Risk

An organization with a zero failure rate is an organization that takes sure things, not risks.
Assuming you want to take real risks and accept some failures as an inevitable by-product, your first step is to find all the structural factors that are in place to discourage risk-taking.
Start with information security. Is it operating according to the risk profile you want, or is it in full prevent mode, trying to maximize security rather than optimizing it? -- Bob Lewis, writing for InfoWorld.com
Note: emphasis mine

Src: Wanted: IT risk-takers | Adventures in IT - InfoWorld

No comments: