Comment Defense In Depth (Score 5, Insightful) 282
No one is trying to create an Iron Curtain. Security departments (most of them hopefully) are taking numerous measures to prevent breaches. Including access controls preventing one compromised computer from getting all the marbles via role-based or well-configured discretionary access controls, appropriate traffic filtering and intrusion detection techs.
Risk management is the specific practice of minimizing the greatest risks (what will do the most harm and will be the most likely to happen). And for the most part everyone realizes that no risk can be completely eliminated, so we mitigate them as best we can and rely on fundamentally sound access controls et. al. to limit the effect of any breach and hopefully know about and plan for unforeseen circumstances by planning for certain categories of attacks.
Hopefully I'm right, because if I'm not... I'm scared.
Risk management is the specific practice of minimizing the greatest risks (what will do the most harm and will be the most likely to happen). And for the most part everyone realizes that no risk can be completely eliminated, so we mitigate them as best we can and rely on fundamentally sound access controls et. al. to limit the effect of any breach and hopefully know about and plan for unforeseen circumstances by planning for certain categories of attacks.
Hopefully I'm right, because if I'm not... I'm scared.
