Understanding the relationship between the terms risk, threat and vulnerability is key to how we distinguish and then prioritize our security decisions. Throughout history, security professionals, mathematicians and political scientists have tried to come up with a formula, an algorithm or a model to measure these three terms and the relationship between them.

The magic model they sought was finding a decision making process for security priorities that would shelter them from being liable or accountable for the consequences of their decision. After all, if you can plug information into a model that generates an automatic “do” or “do not” decision, you can always blame the model if something goes wrong.

Keep reading →