I was asked to write a piece for ISACA about cyber risk in the Pandemic. I used some popular memes as a bouncing off point to talk about how to manage risk in these crazy times. You can read this here. I also had my article about why using record counts as your risk appetiteContinue reading “Pandemic Lessons and Record Count”
Category Archives: Appetite
Applied Risk Appetite
“There is a certain uselessness in saying an organization does not want to accept high risk.” My latest @ISACA article was published and as I was re-reading this line it resonated with me even more. You have to have more fidelity in how you define risk appetite for it to be useful. More tips onContinue reading “Applied Risk Appetite”
ICYMI: Organizational Signals for Changing Risk Appetite
I was inspired to write this article by a change in the speed limit that happened on a local Interstate. It was a good jumping off point to illustrate the parallels between speed limits and risk appetite and what it takes to change each. You can read the article on the FAIR Institute website here.
Lowest Common Risk Denominator
I tackle the notion of risk appetite in this month’s column using some metaphors with which you might be familiar. You don’t get to pick your auto insurance coverage by expressing the number of accidents you are willing to accept, yet that’s how a lot of organizations think about cyber risk. Fortunately, the cyber insuranceContinue reading “Lowest Common Risk Denominator”
The Risk Dr ® 