Category: FAIR Institute
-
ISACA asked me to write a short piece on my Journal article about risk communication. They published that here. I also wrote a blog post for the @ISACA newsletter about the trouble with positive risk. Lastly, NIST released an update to their ERM-Cyber integration standard and my friends at the FAIR Institute asked me to…
·
-
NIST webinar, app rationalization for Federal Cloud Smart policy, Risk Mgmt Maturity report, and Davos
-
I’m very excited to announce that I will be speaking at the Cyber Future Dialogue in two weeks in Davos, Switzerland during the World Economic Forum. This is going to be an amazing opportunity to converse with distinguished leadership from around the world on the necessity of and practical means to operationalize cyber risk quantification…
-
Welcome to 2020! I kept busy last month, even with the holidays. Here are some updates: I wrote a piece for ISACA about how much spending is being done in aggregate for cyber security and how we need to rationalize the controls we are spending on. The FAIR Institute called this my manifesto here :-)…
-
First off, I’m very pleased to announce that I will be presenting again next year at the RSA Conference. My session is called “Maturing Cyber-Risk Management Practices: Framework and Next Steps” (EZCL-R01). This will be done as a Collaborative Learning Session (a new RSAC format). I’ll lead a discussion then turn it over to the…
·
-
Time for another roundup! Below are some works I’ve recently done on Apex Threat Agents, HITRUST, my time at the Gartner Summit, and some thoughts on Iranian attacks. How to Model Risk in an Apex Predator Cyber-World Enhancing HITRUST Risk Assessments with Cyber Risk Quantification (CRQ) Gartner 2019 Debate: Quantitative vs. Qualitative Cyber Risk Analysis…
-
As a part of my new role with RiskLens, I’ve been publishing several articles. Included here is a recap of my work over the past month: The ZombieLoad speculative execution bug raised the specter of a possible 40% hit in performance. I gave a plan to evaluate this new bug in the context of risk…
·
-
I was recently interviewed by the FAIR Institute as a part of their Meet a Member series. I talk a little bit about my origins measuring cyber risk using FAIR. You can listen to the interview here.
·
-
I was humbled this week when I was awarded the FAIR Champion award from the FAIR Institute at their annual conference last week at Carnegie Mellon in Pittsburgh, PA. Jack Jones has created this extraordinary thing in FAIR and it is and will continue to do nothing less than revolutionize our industry. That he decided…
·
-
I’m looking forward to participating on this panel discussion at the upcoming FAIR Conference. This is a topic that really speaks to me and I’m looking forward to sharing what I’ve experienced and hearing from the co-panelists about how they’ve accomplished the same. Here’s the full agenda and if you haven’t registered yet you can…
The Risk Dr ® 