bruce_schneier posts a revealing excerpt from the ANSI Cyberrisk Calculation Guide.
Here's the sentence from the ANSI Guide that leapt out at me:
"If risk can be transferred to other organizations, that part of the risk can be subtracted from the net financial risk."
I don't know about you, but to me, that sounds disturbingly like "If a risk can be made into somebody else's problem, then screw it, it's no longer OUR problem." Which is exactly the kind of thinking that got us into the current economic mess.