Category: Risk
-
I was recently interviewed by the FAIR Institute as a part of their Meet a Member series. I talk a little bit about my origins measuring cyber risk using FAIR. You can listen to the interview here.
·
-
RSA Conference is next week and I’m excited to share that I will be presenting on some work a a colleague and I have done on building an Agent-Based Model (ABM) using FAIR risk data. This should be an interesting discussion, so please join me next Wednesday at 2:50PM Pacific in Moscone West 2011. I…
·
-
“There is a certain uselessness in saying an organization does not want to accept high risk.” My latest @ISACA article was published and as I was re-reading this line it resonated with me even more. You have to have more fidelity in how you define risk appetite for it to be useful. More tips on…
-
I’m very pleased to announce that I’ve been accepted to speak again at next year’s RSA Conference. I’m going to be presenting on an Agent Based Model concept using FAIR risk results jointly with my colleague Joel Amick. Joel’s team and my team worked to develop a POC of this work and we can’t wait…
-
The December issue of the ISSA Journal was released and my article on the Future of IT Risk is on the cover. The theme for this month’s Journal is “The Next 10 Years” and I wanted to highlight where I saw the industry going. I begin with a look back on the progress away from ordinal…
·
-
I wrote an article to help ISACA introduce its Digital Transformation research in the Financial Services industry. There are some interesting findings in here about AI, IOT, Cryptocurrency, and Blockchain. My article in Bankingexchange.com is here ISACA’s Digital Transformation Barometer research is here
-
I was humbled this week when I was awarded the FAIR Champion award from the FAIR Institute at their annual conference last week at Carnegie Mellon in Pittsburgh, PA. Jack Jones has created this extraordinary thing in FAIR and it is and will continue to do nothing less than revolutionize our industry. That he decided…
·
-
RSA posted my presentation from this year’s conference, Implementing a Quantitative Cyber-Risk Framework: A FinSrv Case Study. You can hear me explain the organizational environment and requirements and the automated risk assessment solutions I put in place to satisfy them. The slides are still available here.
·
-
I’m looking forward to participating on this panel discussion at the upcoming FAIR Conference. This is a topic that really speaks to me and I’m looking forward to sharing what I’ve experienced and hearing from the co-panelists about how they’ve accomplished the same. Here’s the full agenda and if you haven’t registered yet you can…
-
I really enjoy reading Duncan Watts work and I was blown away by how he assailed the concept of common sense that we all rely upon so readily: What we don’t realize, however, is that common sense often works just like mythology. By providing ready explanations for whatever particular circumstances the world throws at us,…
·
The Risk Dr ® 