NIST CSF, Vendor Risk, and Threat Intel

ICYMI for September!

  • A large whitepaper I wrote for ISACA on vendor risk was published here
    • A piece I wrote for ISACA about this is posted here
    • The FAIR Institute blogged about it here
  • I wrote an article for the ISSA Journal about integrating threat intelligence and risk intelligence (pay-walled, but available here)
    • The FAIR Institute blogged about this article here
  • My column for the @ISACA newsletter came out and I really liked this one as it spoke about how many organiations manage risk by storytelling. You can read it here
    • FAIR Institute post on this here
  • I’m really proud of this one! I’ve been working with NIST to formally map FAIR to the NIST CSF standard. That was recently published. More on this here
  • I wrote an article on credit ratings and cyber risk here
  • I wrote a piece for ThreatPost about justify investments in TIG technology
  • Lastly, I was quoted in HealthITSecurity in an article about FAIRCon ’19








Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: