"With the actual research extending to some 20+ pages and 60+ references, it may be a little dry for a leisurly read. However, the linked document is just an 8 page high level summary of this research. I would highly recommend reading, as it may be a revalation" - Chris Middleton.
https://www.techrxiv.org/articles/preprint/Holistic_Security_and_Risk_Intelligence_Are_Current_Risk_Management_Methods_Leading_to_Breach_/17425457
TOPICS DISCUSSED INCLUDE:
- SYSTEMIC AND SYSTEMATIC ERRORS - INABILITY TO ACCURATELY ENUMERATE RISKS DUE TO SIMPLIFICATION OR APPROXIMATION IN THE RISK MODEL.
- SILOED RISK MANAGEMENT SYSTEMS - POOR COORDINATION BETWEEN SYSTEMS AND MANAGERS OF DIFFERENT DISCIPLINES
- POOR RISK RELATIONSHIPS BETWEEN TECHNICAL AND NON-TECHNICAL RISKS - EXPLOITED BY HOLISTIC ATTACK
- LITTLE UNDERSTANDING OF RISKS POSED BY 3RD PARTY STAKEHOLDERS AND VENDORS - EXPLOITED BY 2ND ORDER ATTACK
- HIGHLY REACTIVE RISK MANAGEMENT - ONLY ADDRESSING THE ISSUE AFTER ONE OR MORE BREACHES
- A LACK OF DISCUSSION & RESEARCH - LIABILITY CONCERNS LEAD TO A LACK OF DATA AND THEREFORE RESEARCH TO IMPROVE SYSTEMS AND ADDRESS THESE PROBLEMS
Want to Know More About Why Current Risk Management Methods Are Leading to Breach?