Computer Security Institute speakers offer advice on measuring security risks and communicating risks. The key is creating metrics that can be quantitatively tracked over time, experts say. Security teams can also perform a gap analysis for each process, expert says. Expert: Legacy systems pose the highest overall risk, not something new, but legacy systems. Security vendor NetWitness: Most companies still focus on compliance and prevention, but they’re fighting a losing battle. We need to rethink the risk equation, security expert says.”]
Source: https://www.darkreading.com/analytics/csi-speakers-offer-advice-on-risk-assessment-reporting