Security practitioners need to get out of the technology mindset and learn the new language of risk. Steve Grossman: “Security is really a risk management problem. There are too many incidents and too many attackers for the defenders who hope to close every vulnerability and stop every threat” He says the name of the game is prioritizing so that they know where to invest their resources. Grossman offers five tips for security practitioners to help them think and speak risk in terms of risk and business impact first.”]
Source: https://www.csoonline.com/article/3176754/new-ways-to-think-and-speak-risk.html