Category: @ISACA
-
I’m so excited to announce the release of CTRL-ALT-RISK, my new book that compiles years of work into one accessible collection. This anthology features short essays I originally wrote for the @ISACA® Newsletter, offering practical tips and insights for navigating the complex world of cyber risk management. Whether you’re a cybersecurity veteran or just beginning…
-
Earlier this year, I had the opportunity to reflect on lessons I learned from an unlikely source: a class I took on Plant Pathology. As part of my academic journey, the class explored how plants thrive in challenging environments, defend themselves against threats, and adapt to changing conditions. The parallels to cybersecurity were hard to…
-
Many organizations mistakenly believe they need extensive data and complex systems for Cyber Risk Quantification (CRQ). This article advocates for early adoption of quantitative risk measurement, starting small and evolving over time. By abandoning outdated qualitative ratings, organizations can access valuable insights, enhance decision-making, and achieve greater resilience in their risk programs from the outset.
-
My latest piece, “Material Matters: The SEC’s Cyber Disclosure Reality Check,” has been published in @ISACA’s newsletter. With the SEC’s new cyber disclosure requirements shaking up the industry, this article dives deep into the implications for cybersecurity and risk management professionals. It explores how these regulations will affect the disclosure of material cyber risks (and…
-
I’m really excited to share this one. The inspiration for this article was courtesy of a good friend who was venting about work. I connected their troubles with something I dug up from my latent interest in folklore. Long story short, the risk department shouldn’t be accepting risk on behalf of the business. I hope…
-
In my latest column for the @ISACA newsletter, I delve into the complex interplay between common sense and cyber security.
-
In the realm of cyber risk quantification, it’s a common belief that emotions should be kept out of the risk assessment and decision-making processes. Certainly, there are valid concerns associated with the influence of emotions, which cannot be overlooked. However, it’s important to recognize that emotions do have a rightful place in risk management. In…
-
Here is a mega-update of things I meant to post since Sept(!) In the September 2023 ISSA Journal, I worked with my colleague Natalie Jorion to publish this piece about SEC cyber materiality. You can access the article here. I did a webinar with ISS Corporate about the SEC materiality rule. You can watch the…
-
In this @ISACA newsletter column, I talk about some real-world perspectives I encountered where one organization was told they shouldn’t quantify cyber risk.
-
I recently coauthored an article for the ISACA Journal with a coworker about imputing the cost of a data breach from record count. We also recorded a podcast based on the article. You can read the article here and listen or watch the podcast. I also authored a piece for the @ISACA newsletter on the…