Welcome to 2020! I kept busy last month, even with the holidays. Here are some updates: I wrote a piece for ISACA about how much spending is being done in aggregate for cyber security and how we need to rationalize the controls we are spending on. The FAIR Institute called this my manifesto here :-)Continue reading “Welcome to 2020! Cyber Risk Prospectuses and a “Manifesto””
Security leadership is risk leadership
I wrote an article to help ISACA introduce its Digital Transformation research in the Financial Services industry. There are some interesting findings in here about AI, IOT, Cryptocurrency, and Blockchain. My article in Bankingexchange.com is here ISACA’s Digital Transformation Barometer research is here
I really enjoy reading Duncan Watts work and I was blown away by how he assailed the concept of common sense that we all rely upon so readily: What we don’t realize, however, is that common sense often works just like mythology. By providing ready explanations for whatever particular circumstances the world throws at us,Continue reading “ICYMI: Risk Management and the Paradox of Common Sense”
Awarded ISACA Global Achievement Award for work on CRISC certification
I wrote some more on Smart Contracts for the ISACA Now Blog. I tied the concept back to Code = Law as put forth by Lawrence Lessig and talked some more about the scenarios that you’d need to risk model. You can read my thoughts on this here.
I tackle the notion of risk appetite in this month’s column using some metaphors with which you might be familiar. You don’t get to pick your auto insurance coverage by expressing the number of accidents you are willing to accept, yet that’s how a lot of organizations think about cyber risk. Fortunately, the cyber insuranceContinue reading “Lowest Common Risk Denominator”
My latest @ISACA article was published today. In it, I focus on the notion of where our authority comes from in Information Security. Too often, in my opinion, we rely on regulation as a source of “why” when articulating control requirements. I think this is dangerous and counter to the very nature of what anContinue reading “Risk and Regulation”