The SANS Top Cyber Security Risks report has received a lot of positive publicity (19 online stories, at last count). (TippingPoint and Qualys were partners in the report.) But none of the reporters or bloggers analyzed the report, the methods, or the data. They just repeat the main points from the report.
I applaud the effort and goals of the study and it may have some useful conclusions. We should have more of this type of study, especially at a large scale.
Unfortunately, the report has some major problems, listed roughly in order of severity: (for details, read on…)
Continue reading ‘Making Sense of the SANS “Top Cyber Security Risks” Report’
What You’ve Said