Cyber risk assessments: ISO 27005 and the bowtie model

Peter Lacey Risk Management News 1 Comment

It is often the case in risk practice that the risk assessment becomes an activity in going-through-the-motions: because so many risks are well known and theoretically well-controlled.  This certainly cannot …