ABSTRACT
What are your risks? Are your risks primarily with people? In most cases, people cause risks based on the decisions that they make. Whether the disclosure of sensitive information was caused by an accident, a series of accidents, or deliberate actions of a person still means the information was disclosed. Preventing the disclosure is what we are trying to do with risk management. Our ™rst step is to perform a risk assessment. In any risk assessment, we make assumptions and deal with constraints. že accuracy of our risk assessment depends on whether we can trust the information being presented. How much we can trust that information depends on whether it is fact, calculated, estimated, or guessed. In most cases today, we do not know how much trust we can put in the information. žis next section deals with some of that trust and how we can improve on our ability to add more con-™dence into our decision-making processes.
