I’m Writing A Book

Earlier this year my good friend Jack Jones and I entered into a contract with Elsevier imprint Butterworth-Heinemann to write a book on the risk assessment methodology FAIR. We will deliver the final manuscript in the first quarter of 2014 and it should be in print next summer/fall. The title of the book is tentatively…

Open Group Podcast on Risk – June 2013

I participated in my second risk management podcast for the Open Group that was published today. I like this one better than my previous one–I tried to talk slower in this one anyways ;-) I was happy with the topics that we discussed, most notably that as regulators become more aware of the capabilities of…

Most Likely Fined Like

A recent article in Insurance and Technology made me think about the nature of identity as it relates to information risk management. If we take a look at the list of companies from which data is being collected, I can’t help but wonder if there is enough similarity between these companies to make some basic…

Risk Response Requires Critical Thinking

My @ISACA column was published today. Read it here. Edited: I realized they edited the full submission I made (I could tell because it sounded a little off from what I recalled). Below is the full post: Depending on your point of view, risk management is either a very easy or a terrifically difficult…

Despite all my rage…

I recently had the privilege to have some discussions with fellow members of a privacy-oriented group. They were mostly lawyers, and after a series of discussions we waded into the current disapprovals over Nordstrom’s practice of tracking people by Wifi (see here for more on this). Basically, it’s the implied consent that seems to be getting people up in arms. That and this…

I want what they’re having

When consulting on a security issue, one of the questions that makes me grind my teeth more than any other is some variation of, “What’re our competitors doing?” My initial reaction is always, “Who cares?” It’s really just a useless way to think about security and risk. In my experience, no one asks this question because they are…

Negligence and Compliance

Compliance is out of control. It’s pervasive in our society now and there is no going back. Allow me to explain. My kid attends pre-school. They go outside daily to play, so we were asked to provide some sunblock. Makes sense, our family is pale so we are used to that routine. We brought it…