I have a “warehouse” full of good cyber risk things to share with you below: Here is an ISACA piece I was asked to write about things Cyber Risk professionals need to focus on in 2022 This ISACA column I wrote speaks to the role that bias plays in how cyber news is fed toContinue reading “Cyber Risk Warehouse – 2022 April YTD ICYMI”
Category Archives: Psychology
ICYMI: Concept Creep: Why Cyber Risk Problems Never Get Solved
I had a great time writing this post for the FAIR Institute. I was inspired by post-doc David Levari of the Harvard Business School’s article in The Conversation called Why Your Brain Never Runs out of Problems to Find. In it he talks about how our brains have a sliding scale of what “badness” is overContinue reading “ICYMI: Concept Creep: Why Cyber Risk Problems Never Get Solved”
Security Awareness and the Bystander Effect
My latest @ISACA column was posted recently. This time I tackled a hard issue in the human factors space: awareness training. Specifically, I explored the notion that having a good security team may actually impede the effectiveness of a security awareness program. I did this through the application of some concepts from the bystander effect.Continue reading “Security Awareness and the Bystander Effect”
Cyber Deterrence
I was reading up on cyber deterrence today and ran across this little gem in relation to nuclear deterrence: Because of the value that comes from the ambiguity of what the US may do to an adversary if the acts we seek to deter are carried out, it hurts to portray ourselves as too fullyContinue reading “Cyber Deterrence”
Schrödinger’s Christmas
In 1935, Austrian physicist Erwin Schrödinger devised the thought experiment known as Schrödinger’s Cat. It’s a gruesome but pretend experiment where we place a cat in a cage (sometimes a box) with a device that could randomly release a poison that is capable of killing the cat. However, it may also never release the poisonContinue reading “Schrödinger’s Christmas”
The Risk Dr ® 