Some of you maybe made some risk analysis in the past, and maybe some others use to do risk analysis in a regular basis. Some people use Octave, CRAMM, NIST or other risk analysis methodologies, but…
Have you ever though if you have a GAP or a lack of visibility in the way you use to do your analysis?
I created a presentation where I explain in details this topic, you can see my presentation here: