I was recently interviewed by the FAIR Institute on the recently released guidance for firms to disclose material cyber risk.
My latest @ISACA article was published today. In it, I focus on the notion of where our authority comes from in Information Security. Too often, in my opinion, we rely on regulation as a source of “why” when articulating control requirements. I think this is dangerous and counter to the very nature of what anContinue reading “Risk and Regulation”