Risk management is all about making forward-looking statements about things that may or may not come to pass. This is also known as forecasting. Read more about this in my latest @ISACA column.
Category Archives: @ISACA
Risk and Politics
In this month’s @ISACA column, I tackle politics and the orientation that risk professionals should have when working in political environments. The ethical obligations of risk professionals are not as well known as they are for other professions, but they are no less important. We have an ethical obligation to tell inconvient truths about riskContinue reading “Risk and Politics”
Security Project Triage is all about Resource Allocation
In my latest @ISACA column, I tackle the problem of project triage. Its a pernicious problem that many security departments have to manage: we have to check everything currently in place, yet new stuff is being added all the time. I address this problem from a risk perspective: we need to allocate our scarce securityContinue reading “Security Project Triage is all about Resource Allocation”
The Tragedy of the Risk Commons
In this edition of the @ISACA newsletter, I tackle the common problem of shared risk ownership. The behavioral economics of this scenario makes it a challenging one to solve. I’m interested in hearing any solutions you may have found to be useful.
The April @ISACA newsletter was published last week with my piece called “Risk Palimpsest.” I ran across this unusual word in some non-risk reading I was doing and I was instantly struck with what a great metaphor it was. You can read it here (and also learn what a palimpsest is).
Effective Approaches to “Bringing the Pain” With Risk Management
Just a quick note about this month’s column (available here). I’m getting the sense from the risk and control professionals I’ve spoken with recently that there is a greater realization of the separation of duties incumbent upon risk functions. In this piece, I briefly discuss how to use reporting to make this clear, and driveContinue reading “Effective Approaches to “Bringing the Pain” With Risk Management”
Risk Work is Stressful
My latest column was published today with the above title and I wanted to call out two things with this one. First, since risk drives the selection of priorities, it only follows that its stressful work. Decision making is mentally taxing, so the professionals whose job it is to facilitate that will shoulder that burdenContinue reading “Risk Work is Stressful”
I’ve noticed that the phrase “real risk” has been in use to mean a number of different things. I write about this in the July @ISACA column.
Who Owns Loss Owns Risk
My @ISACA column was published recently on risk ownership. Its a problem all risk professionals have to deal with at some point in their careers: when IT is expected to own what is ultimately business risk. I use absurdity to illustrate how absurd this is ;-) You can read the column here.