Why Even Go for “Provable Security”?
Before we can assess risk, we need to define what risk is.
A risk is what happens when a threat acts on a vulnerability to create an impact. For example, a hacker sends your CFO a phishing email and she clicks the malicious link, giving the hacker login credentials for your corporate bank account and bang, you’re out $720,000.
The probability that a risk will manifest has two components:
The inherent risk before any controls (e.g., spam filtering, security awareness education) are in place to reduce/treat the risk
The residual risk that remains after controls are in place