ICYMI – Mega ISACA Update – Data Breach Costs and Hanlon’s Razor
I recently coauthored an article for the ISACA Journal with a coworker about imputing the cost of a data breach from record count. We also recorded a podcast based on the article. You can read the article here and listen or watch the podcast. I also authored a piece for the @ISACA newsletter on the
Category Archives: ICYMI
ICYMI: Digital Trust and Improving Risk Programs
For my final update this year, I want to discuss my last two pieces for the @ISACA newsletter and ISACA Now Blog. The first is a piece on how Cyber Ratings are quickly becoming a standard for measuring digital trust. As the investor community wants more insight into which firms have a greater propensity for
Cyber Risk Warehouse – 2022 April YTD ICYMI
I have a “warehouse” full of good cyber risk things to share with you below: Here is an ISACA piece I was asked to write about things Cyber Risk professionals need to focus on in 2022. This ISACA column I wrote speaks to the role that bias plays in how cyber news is fed to
More on Zero Trust
I was interviewed by ISTARI on Zero Trust a little while ago. You can check out the short podcast here: I was also quoted in an article on Zero Trust here:
85.7% COVID-19 Free March Update!
RSA Roundup: Updates on the Monday all-day FAIR session I did with Jack Jones, Chad Weinman, and Rachel Slabotsky, as well as my Thursday session on maturing your risk management practice. RSAC 2020 Report – Big Turnout for 2 FAIR Seminars, Breakfast Advice on Starting a FAIR Program from Jack Jones and Fannie Mae, Ascena
Welcome to 2020! Cyber Risk Prospectuses and a “Manifesto”
Welcome to 2020! I kept busy last month, even with the holidays. Here are some updates: I wrote a piece for ISACA about how much spending is being done in aggregate for cyber security and how we need to rationalize the controls we are spending on. The FAIR Institute called this my manifesto here :-)
RSA 2020, NIST CSF, and Dark Reading
First off, I’m very pleased to announce that I will be presenting again next year at the RSA Conference. My session is called “Maturing Cyber-Risk Management Practices: Framework and Next Steps” (EZCL-R01). This will be done as a Collaborative Learning Session (a new RSAC format). I’ll lead a discussion then turn it over to the
ISSA Journal – The Future of ITRM will be Quantified
The December issue of the ISSA Journal was released and my article on the Future of IT Risk is on the cover. The theme for this month’s Journal is “The Next 10 Years” and I wanted to highlight where I saw the industry going. I begin with a look back on the progress away from ordinal
ICYMI: Digital Transformation
I wrote an article to help ISACA introduce its Digital Transformation research in the Financial Services industry. There are some interesting findings in here about AI, IoT, Cryptocurrency, and Blockchain. My article in Bankingexchange.com is here. ISACA’s Digital Transformation Barometer research is here.
ICYMI: Risk Management and the Paradox of Common Sense
I really enjoy reading Duncan Watts’s work and I was blown away by how he assailed the concept of common sense that we all rely upon so readily: What we don’t realize, however, is that common sense often works just like mythology. By providing ready explanations for whatever particular circumstances the world throws at us,