Posts Tagged “security policy”

Can quantitative risk estimation serve as a guide for every-day policy decisions?

by Russell on December 5, 2009

A methodology is presented for guiding individual policy decisions from a risk management perspective, using a form of “abduction validation”. An example is presented using the case of password change policy, drawing from recent blog discussions.