I believe that companies which attempt to have non-techies handling their security risk management will end up in trouble.
Consider the recent hurricane. While the professional politicians and news analysts are playing the blame game, one major factor in the damage was the failure of the levee system....
The levee system was supposed to be able to withstand only a category 3 hurricane. (If even that, due to lack of maintenance.)
One could argue that it was risk management at work. The odds of a cat 5 hitting New Orleans are so small, why not take that risk? (The downside is that one did hit and the total damage in insured property greatly outweighs the cost of building the levee system to take a cat 5 hurricane.)
I agree that you can't call wolf at every perceived risk. But how can a "business type" manage these risks if they really don't understand the potential damage that can occur?
Ian
There might be a few dissenters over the risk of a cat5 storm hitting the gulf coast... If we remember correctly, it was flagged as one of three serious threats to the US at the start of Dubya's terms in office. The other two, you ask? Oh, a terror attack in New York and a big quake in California. Two outta three, and still time to go...