Paranoia Level

• Getting to “good enough security”

• Security policy needs to match the risk acceptance profile of an organization

  • What are the realistic threats?
  • How visible is your organization?
  • What are the consequences of an incident?
  • How sensitive is your organization to the intangible costs of an incident?

• Regulatory and legal issues

Previous slide

Next slide

Back to first slide

View graphic version