A lot has changed since I first started bashing random thoughts into WordPress and wondering if anyone but I would care. In March 2005, John Quarterman and myself were pretty much the only bloggers out there talking about Risk in the non-boardgame sense of the word, at least according to Technorati, and we apparently only had 33 posts on the subject between us.Like him, I don’t know that it’s so much that there is actually more risk management going on, but at least more people are talking about it; maybe that will lead to more of it happening.Today, Technorati found a total of 47,001 posts about “risk management,” with more being added at a pace of over 100 per day. A lot of them are spam, but a lot of them aren’t.
-jsq
A lot of people have worked out that the 1990s Internet approach to security was a damp squib. Where they have had the incentive and time to do so, people are researching all sorts of stuff, simply because the textbook guidance wasn’t worth the paper.
Once people research security for long enough they discover that certain players were doing this in the pre-Internet days, and were getting it right. Banks, IOW, where risk and return are their very business.
There, it’s called risk management, and it uses an apparently novel technique of allowing certain bad things to happen, because it isn’t worth the cost.
Although, we seem to still be a long way from relating security to risk management in a meaningful sense.
I guess more people are appreciating the importance and value in creating a good Risk Management Plan.