Improving Return on Security Investment: Estimating the Impact of Mitigations

Link: https://blog.opengroup.org/2024/04/02/improving-return-on-security-investment-estimating-the-impact-of-mitigations/

By Simone Curzi, Principal Consultant, Microsoft; John Linford, Security Portfolio Forum Director, The Open Group; Dan Riley, Vice President & Distinguished Engineer Data Science, Kyndryl; Ken St. Cyr, Sr. Cybersecurity Architect, Microsoft

Understanding the risks present in the system you are developing is important, but it is even more important to determine mitigation actions. Activities like threat modeling can help identify your options, but those options are usually too numerous and too expensive. What should you really do? And would the residual risk be acceptable afterwards?