For this months @ISACA Tips column, I wrote about the conundrum of defining and assessing emerging risk. Its an interesting space to assess; technologies and trends so cutting edge that they sorta defy precision assessments, yet also so important as to require them.
You can check it out here.
I was recently interviewed by the FAIR Institute as a part of their Meet a Member series. I talk a little bit about my origins measuring cyber risk using FAIR.
You can listen to the interview here.
RSA Conference is next week and I’m excited to share that I will be presenting on some work a a colleague and I have done on building an Agent-Based Model (ABM) using FAIR risk data.
This should be an interesting discussion, so please join me next Wednesday at 2:50PM Pacific in Moscone West 2011.
I also served on the program committee this year for the GRC track and I can report that this year’s risk and metrics presentations will be insanely good! You are all in for a treat. If you will be in SF next week for the conference, be sure and look me up.
“There is a certain uselessness in saying an organization does not want to accept high risk.”
My latest @ISACA article was published and as I was re-reading this line it resonated with me even more. You have to have more fidelity in how you define risk appetite for it to be useful. More tips on how to do that in the full article here.
On November 7th I was honored by my alma mater, Nova Southeastern University, as the 2018 Distinguished Alumni from the College of Engineering and Computing. It was an amazing event and the alumni association treated us all very well. I was humbled by the caliber of people alongside which I was named. They recited all the accolades of each honoree and it was truly amazing to hear the accomplishments of everyone and I was proud to be called their peer.
I’m very pleased to announce that I’ve been accepted to speak again at next year’s RSA Conference. I’m going to be presenting on an Agent Based Model concept using FAIR risk results jointly with my colleague Joel Amick. Joel’s team and my team worked to develop a POC of this work and we can’t wait to share what we developed with you in March!
Here are the details of the session; please be sure to save it to your agenda!
The December issue of the ISSA Journal was released and my article on the Future of IT Risk is on the cover. The theme for this month’s Journal is “The Next 10 Years” and I wanted to highlight where I saw the industry going. I begin with a look back on the progress away from ordinal scale, verbal risk labels and project out on where things will go. I cover regulatory, insurance, and customer pressures to quantify as well as outline a path forward where risk quantification can be used as a competitive advantage.
Check it out in your mailbox or read it online now.
