Does a Risk Management approach work in Cybersecurity?
I was recently with a client discussing their cyber risks and what main risks we were going to focus on.
"And your top 5 information security risks are risks 1,2,3,4,5"
He then said to me, "what about the other risks?"
…