This week we take some time to talk about risk management with Josh Sokol. This is part 2 from our interview with him last week... We talk some more about Simple Risk from the POV of Risk Management, as well as the licensing/modification of Simple Risk.
Mr. Boettcher and Josh discuss the merits of Qualitative vs. Quantitative Risk Analysis, and which one is better...
We also discuss NIST 800 series guidelines, and how he used those to excellent effect in Simple Risk.
Josh also discusses OWASP, how the advocacy and outreach works and how flexible the organization is.
NIST 800 Series docs - http://csrc.nist.gov/publications/PubsSPs.html
Intro "Private Eye", transition "Mining by Moonlight", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 3.0