One of the problems that security practitioners have when discussing risk is agreeing on the terminology. My work in recent years has focussed on using widely accepted standards to underpin security recommendations. All standards define their terminology pretty well. Most recently I have been using the fairly new ISO 31000:2009 as a  reference for risk … Continue reading Risk definitions