Read the book Security Awareness For Dummies - Ira Winkler - Page 52

Remembering That It’s All About Risk

When I speak at various events, I sometimes ask my audience, “Who is a security professional?” Of course, everyone raises their hand, and I reply, “You are all failures.”

I go on to explain that the dictionary definition of security is being “free from risk,” and you can never be free from risk. Therefore, you will always fail when your stated goal is security. Supposed “security” professionals are charged with risk management, or determining risk and then mitigating that risk as long as mitigating the risk isn’t more expensive than the risk being realized.

Risk can have different meanings in different professions. As I advocate throughout this book for the need to deliver and demonstrate risk reduction, the remainder of this section defines what I mean by risk reduction in a way that you should be able to share with others — especially those people whom you report to or need to show your return on investment.
