Accepting Risks

risksOne could argue that life is all a series of risks. Sometimes we remain in a state of ignorant bliss. Other times, we are aware of risks and take measures to mitigate it. But sometimes we choose to accept the risk.

Accepting risk is not a bad thing. Quite the opposite. Without risk acceptance, there would be no innovation. The reservoir of great ideas would dry up and bankers would have to make do make ends meet with mere six figure bonuses. Risk acceptance is the grown up thing to do. “We understand the risk, and chose to accept it. It’s the cost of doing business.”

But the question is whether some of the risks businesses accept are “unreasonable”. Like creating a toy that captures children’s information. Such as their name, address, birthday, photo, parents details, and allergies – then taking this information and putting it on an insecure website.  We don’t mean a website that is accessible over HTTP minus the S. But a website so insecure that it makes OWASP training websites look ‘military grade secure’ by comparison.

Thankfully though, whenever a company is breached and millions of customer records are exposed – a company can merely shrug and say sorry.  All the time while assuring they ‘take security seriously’.  Customers don’t like it.  Troy Hunt will upload the data to haveibeenpwned.com and the world will grit their teeth and take it.  This is the seedy world of corporate risk acceptance.  The terrifying underbelly of cyber-actuarial tables (if such a thing exists).

The point is that you can’t innovate and deliver new functionality to customers by building a secure website. Or waste precious time ensuring your hardware is hacker-proof. If you do, your competitors will have leapfrogged you.  Not to mention, no customer would want to pay a premium on your offering just because you say it’s more secure than the others.

Or maybe the real question is “how secure do I need it to be?”.

Host Unknown presents: Accepted the Risk (A Risk Management strategy for removing blockers to productivity)

Why waste time remediating when you can simply accept the risk?

@HostUnknownTV bring to life a Risk Manager who gets the balance of risk management very wrong.  Are the CISA auditors being inflexible or did Javvad skip a module on his CRISC?

Love it? Hate it? Leave a comment below!

http://hostunknown.tv

@HostUnknownTV

Produced by Mahmoud El-Azzeh @mantheycallmoo

Directed by Mahmoud El-Azzeh

Director of Photography – Caleb Wissun-Bhide

1st Assistant Cameraman – Iustin Filip-Mucenic

Editor – Lara Blanco

VFX and Colour Grading – Timothy Greenfield

 

Starring

Javvad Malik

Andy Agnês

Thom Langford

 

Dancers provided by Epika Dance http://www.epikadance.com/

Emiko Jane Ishii

Martha

 

Extras

Pauline Singh

Lee Munson

 

An Elazayan Films Production

https://www.facebook.com/Elazayan-Films-284223804977370/

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s