Additional Audit Considerations

In addition to the audit processes described in this chapter, there are a few other considerations to keep in mind:

Acceptable Risk

Security is always a balance between protection and practicality. Try as we might to maintain security, there will always be situations where the best measure is simply not practical. This leads to what is called acceptable risk.

Acceptable risk is the acknowledgement that a security issue exists and that we are knowingly allowing it to remain. The degree to which the issue remains may be somewhat lessened by practical security measures; however, the measures required to fully remove the risk do not make good business sense.

I see acceptable risks all the time within organizations, ...

Get Inside the Security Mind: Making the Tough Decisions now with the O’Reilly learning platform.
