If risk management is governed by the age-old risk equation -- Risk = Threat x Vulnerability x Asset Value -- then it would follow that the accuracy of each of those attendant variables can make or break an enterprise's IT risk management practice. The security industry has done a lot to hone in on metrics that delineate the latter two: CVSS scoring and countless studies measuring the cost of breaches around specific IT assets have helped risk managers better get their arms around that particular part of the equation. The real sticking point has always been the problem of measuring and tracking the threats. The threat landscape is so mercurial and threats so dependent on dozens of their own variables that finding a way to measure the probability of a threat hitting its mark can seem a bit of a crapshoot. But that's changing as risk management experts start to depend on the burgeoning market of threat intelligence services to deliver enough real-time information about threats in th... Read full story on Dark Reading


Post a comment to the original version of this story on Dark Reading