I’m giving a webinar tomorrow based on the whitepaper I authored for ISACA: Reporting Cybersecurity Risk to the Board of Directors. It’s a free download. I cover Board reporting from the technologist’s perspective, covering the role of the Board and how to communicate to them in a way they understand. You can register for the… Continue reading “How to Report Cyber Risk to the Board”
I was recently interviewed by the FAIR Institute on the recently released guidance for firms to disclose material cyber risk.
Just a quick note about this month’s column (available here). I’m getting the sense from the risk and control professionals I’ve spoken with recently that there is a greater realization of the separation of duties incumbent upon risk functions. In this piece, I briefly discuss how to use reporting to make this clear, and drive… Continue reading “Effective Approaches to “Bringing the Pain” With Risk Management”
I’ve been watching Amish Mafia lately (a guilty pleasure). That got me to thinking about the role of shunning in good risk management (because this is how my mind works, apparently). We want our leadership to take good, appropriate levels of risk, which is a way of saying there are good behaviors to which we would like… Continue reading “Amish Approaches to Risk Management”