Earlier this year my good friend Jack Jones and I entered into a contract with Elsevier imprint Butterworth-Heinemann to write a book on the risk assessment methodology FAIR. We will deliver the final manuscript in the first quarter of 2014 and it should be in print next summer/fall. The title of the book is tentatively Continue reading “I’m Writing A Book”
My @ISACA column was published today. You can read it here.
I participated in my second risk management podcast for the Open Group that was published today. I like this one better than my previous one–I tried to talk slower in this one anyways ;-) I was happy with the topics that we discussed, most notably that as regulators become more aware of the capabilities of Continue reading “Open Group Podcast on Risk – June 2013”
A recent article in Insurance and Technology made me think about the nature of identity as it relates to information risk management. If we take a look at the list of companies from which data is being collected, I can’t help but wonder if there is enough similarity between these companies to make some basic Continue reading “Most Likely Fined Like”
My @ISACA column was published today. Read it here. Edited: I realized they edited the full submission I made (I could tell because it sounded a little off from what I recalled). Below is the full post: Depending on your point of view, risk management is either a very easy or a terrifically difficult Continue reading “Risk Response Requires Critical Thinking”
I recently had the privilege to have some discussions with fellow members of a privacy-oriented group. They were mostly lawyers, and after a series of discussions we waded into the current disapprovals over Nordstrom’s practice of tracking people by Wifi (see here for more on this). Basically it’s the implied consent that seems to be getting people up in arms. That and this Continue reading “Despite all my rage…”
When consulting on a security issue, one of the questions that makes me grind my teeth more than any other is some variation of, “What’re our competitors doing?” My initial reaction is always, “Who cares?” It’s really just a useless way to think about security and risk. In my experience, no one asks this question because they are Continue reading “I want what they’re having”
Compliance is out of control. It’s pervasive in our society now and there is no going back. Allow me to explain. My kid attends pre-school. They go outside daily to play, so we were asked to provide some sunblock. Makes sense, our family is pale so we are used to that routine. We brought it Continue reading “Negligence and Compliance”
So there are a lot of ways to die. Like a lot. We worry about obscure ways to die. It’s gruesome really, to die via an asteroid or “space junk” strike (so much so that we make TV shows about it), hockey puck death, or obscure elevator amputations. …sort of like the various ways that Continue reading “Frequency Matters”
My @ISACA column was published today. Read it here.