ISACA asked me to write a short piece on my Journal article about risk communication. They published that here. I also wrote a blog post for the @ISACA newsletter about the trouble with positive risk. Lastly, NIST released an update to their ERM-Cyber integration standard and my friends at the FAIR Institute asked me to
Continue reading “Positive Risk, ISACA Journal, and more NIST”
Category Archives: NIST
Cyber Risk Frameworks, MITRE ATT&CK, and Risk Communication in the ISACA Journal
Interviewed by Phil Venables, published in the ISACA Journal and Dark Reading, and more thoughts on NIST and CVSS
Feb Update! Davos, NIST, Cloud Smart, and Risk Mgmt Maturity
NIST webinar, app rationalization for Federal Cloud Smart policy, Risk Mgmt Maturity report, and Davos
RSA 2020, NIST CSF, and Dark Reading
First off, I’m very pleased to announce that I will be presenting again next year at the RSA Conference. My session is called “Maturing Cyber-Risk Management Practices: Framework and Next Steps” (EZCL-R01). This will be done as a Collaborative Learning Session (a new RSAC format). I’ll lead a discussion then turn it over to the