First off, I’m very pleased to announce that I will be presenting again next year at the RSA Conference. My session is called “Maturing Cyber-Risk Management Practices: Framework and Next Steps” (EZCL-R01). This will be done as a Collaborative Learning Session (a new RSAC format). I’ll lead a discussion then turn it over to the room to begin analyzing their risk management program and assessing its maturity.
- I did a short podcast on the NIST CSF FAIR integration
- Here’s another short podcast I did on risk associated with AI
- I was pleased to see that the book I coauthored on FAIR was listed here in the Resources for Measuring Cybersecurity (#2!!)
- I wrote this piece for Dark Reading about the unreasonableness of control frameworks
- RiskLens wrote about my DarkReading piece here
- Lastly, here is video from the panel discussion I led at FAIRcon19 this year covering integrating FAIR with HITRUST and NIST CSF