Category: Risk
-
I wrote a piece recently for the ISACA Now Blog on AI and cyber risk governance, and it ties directly to a talk I’ll be giving at the ISACA North America Conference in Las Vegas: Balancing Cyber Risk Governance in the Age of AI (Thursday, May 7 | 1:45–2:45 PM). The core idea is simple: AI…
-
I’m a few months late mentioning this, but the new edition of Measuring and Managing Information Risk: A FAIR Approach is out. This isn’t a light refresh. It reflects how quantitative risk management has evolved over the last decade: what’s working, what’s not, and where organizations are still getting stuck. And no more screensaver passwords.…
-
I’m so excited to announce the release of CTRL-ALT-RISK, my new book that compiles years of work into one accessible collection. This anthology features short essays I originally wrote for the @ISACA® Newsletter, offering practical tips and insights for navigating the complex world of cyber risk management. Whether you’re a cybersecurity veteran or just beginning…
-
I’m pleased to share my latest article in the ISACA Journal, titled “From Measurement to Management: Integrating Cyberrisk Quantification into Risk Governance.” In this piece, I explore how the newly updated NIST Cybersecurity Framework 2.0, with its focus on governance, is driving critical feedback loops between cyber operations and executive decision-making. In particular, I delve…
-
I recently wrote an article for the ISSA Journal discussing the significant shifts in U.S. cyber governance after the recent Supreme Court decisions that overturned the 1984 Chevron Deference precedent. These rulings now require courts to interpret legislation more literally, leading to uncertainty about the future of cyber regulations. However, it’s important to understand the…
-
I’m really excited to share this one. The inspiration for this article was courtesy of a good friend who was venting about work. I connected their troubles with something I dug up from my latent interest in folklore. Long story short, the risk department shouldn’t be accepting risk on behalf of the business. I hope…
-
In my latest column for the @ISACA newsletter, I delve into the complex interplay between common sense and cyber security.
-
In the realm of cyber risk quantification, it’s a common belief that emotions should be kept out of the risk assessment and decision-making processes. Certainly, there are valid concerns associated with the influence of emotions, which cannot be overlooked. However, it’s important to recognize that emotions do have a rightful place in risk management. In…
-
Here is a mega-update of things I meant to post since Sept(!) In the September 2023 ISSA Journal, I worked with my colleague Natalie Jorion to publish this piece about SEC cyber materiality. You can access the article here. I did a webinar with ISS Corporate about the SEC materiality rule. You can watch the…