Category: Quantification
-
I’m very excited to announce that I will be speaking at the Cyber Future Dialogue in two weeks in Davos, Switzerland during the World Economic Forum. This is going to be an amazing opportunity to converse with distinguished leadership from around the world on the necessity of and practical means to operationalize cyber risk quantification…
-
Welcome to 2020! I kept busy last month, even with the holidays. Here are some updates: I wrote a piece for ISACA about how much spending is being done in aggregate for cyber security and how we need to rationalize the controls we are spending on. The FAIR Institute called this my manifesto here :-)…
-
I’m very pleased to announce that I’ve been accepted to speak again at next year’s RSA Conference. I’m going to be presenting on an Agent Based Model concept using FAIR risk results jointly with my colleague Joel Amick. Joel’s team and my team worked to develop a POC of this work and we can’t wait…
-
The December issue of the ISSA Journal was released and my article on the Future of IT Risk is on the cover. The theme for this month’s Journal is “The Next 10 Years” and I wanted to highlight where I saw the industry going. I begin with a look back on the progress away from ordinal…
·
-
I was very honored to have had the chance to share my quantitative cyber risk journey with the broader security community last week at the RSA Conference. My session had over 100 people in attendance (quite a feat at 8AM on a Wednesday!) and the questions and followups were so good they lasted until we…
·
-
I’ve been accepted to speak at RSA about Quant Risk implementation #rsac
-
I tackle the notion of risk appetite in this month’s column using some metaphors with which you might be familiar. You don’t get to pick your auto insurance coverage by expressing the number of accidents you are willing to accept, yet that’s how a lot of organizations think about cyber risk. Fortunately, the cyber insurance…
-
There’s a cynical meme out there about mistrusting new (as well as proprietary) encryption methods. Unless its been around long enough to suffer the slings and arrows of academic and practitioner criticism, its probably not worth entrusting your security to it. I’m hereby extending this in a new corollary: All claims of “new” equations…
-
It’s a busy week for me. In addition to the webinar this Friday, next Monday (23 March) I’ll be holding a workshop at 11:00 AM in the Data Quality track of the OpRisk North America conference. I’ll be talking about financial metrics, risk appetite, volatility trends, and scenario analysis. You can’t have quality data without…
-
As we close out this year, one thought has been dominating my days. We’ve all learned how to practice risk from different places (where I’ve worked is different from where you’ve worked, etc.). So much in the practice of risk is based on the notion of personality; we do risk one way because I’m leading…
The Risk Dr ® 