For this month’s @ISACA Tips column, I wrote about the conundrum of defining and assessing emerging risk. It’s an interesting space to assess: technologies and trends so cutting edge that they sorta defy precision assessments, yet also so important as to require them.
You can check it out here.
RSA Conference is next week and I’m excited to share that I will be presenting on some work a colleague and I have done on building an Agent-Based Model (ABM) using FAIR risk data.
This should be an interesting discussion, so please join me next Wednesday at 2:50PM Pacific in Moscone West 2011.
I also served on the program committee this year for the GRC track and I can report that this year’s risk and metrics presentations will be insanely good! You are all in for a treat. If you will be in SF next week for the conference, be sure and look me up.
I’m very pleased to announce that I’ve been accepted to speak again at next year’s RSA Conference. I’m going to be presenting on an Agent Based Model concept using FAIR risk results jointly with my colleague Joel Amick. Joel’s team and my team worked to develop a POC of this work and we can’t wait to share what we developed with you in March!
Here are the details of the session; please be sure to save it to your agenda!
I was very fortunate to have the opportunity to share my thoughts on KRIs last week on The FAIR Institute’s website. I used the metaphor of Sentinel Species (think canaries in coal mines) to serve as an indicator of risk, but not of risk itself. That important distinction is one that I strongly feel is a difference we aren’t making in our identification and use of KRIs.
You can read the full article here.
I wrote this latest bit for the @ISACA column after reading Richard Clarke’s book and trying to rationalize how it applies to cyber risk. It’s overly easy to predict failures and impending doom at a macro level; it’s much harder to do it at the micro level, which is infinitely more interesting and useful.
You can read more here.
Bill Murphy’s interview with me for his RedZone podcast was posted today. I had a great time talking with Bill about risk, FAIR, and forecasting. You can find the podcast here. It was a great discussion, and Bill was a very gracious host. His entire podcast series is worth subscribing to: he interviews some really interesting people who bring a diverse view to risk and security. I enjoyed listening to him interview my friend Jack Jones, but I also enjoyed his recent discussions with Zach Schuler. Be sure to check them out.
The final post of the interview/blog series I did with the FAIR Institute was posted last night.