Category: Risk

  • I wrote a piece for risk.net that discusses techniques for integrating a cyber risk taxonomy with an operational risk taxonomy. It’s behind a paywall, so apologies for that up front, but they do have a free trial. It’s a great article for those who are struggling with aligning the need for cyber risk granularity with…

  • My latest column for @ISACA was published today. In it I talk about the benefits of using verbal risk labels (things like high, medium, and low) and give some examples where this is helpful in the treatment of Type 1 Diabetes. This is an important concept for those like myself that are dedicated to quantitative…

  • Today I was notified that I was named as an IAPP Fellow of Information Privacy. I’m honored and humbled to be a part of this organization’s inaugural class of Fellows. You can read more about this designation here. The list of IAPP Fellows is here.  

  • Back in April, when Jack Jones and I were inducted into the Cyber Security Canon, we had the pleasure of being interviewed by Rick Howard, CSO of Palo Alto Networks. You can view the video here or watch it below. (They published the interview video back in September and I forgot to post it here.) It was hot…

  • I’m pleased to announce that a new book has been published that includes a chapter that I wrote on Cybersecurity and Technology Risk. I was approached by the good folks at Risk Books about contributing some original Cyber content to their new publication on Operational Risk. I chose to address the general risks in the…

  • My fall conference calendar keeps filling up! I’ll be a panelist at SIRAcon this year alongside Jim Hietala from the OpenGroup and a couple surprise guests on Thursday 13 Oct at 9:00 AM. We will be speaking on the Risk Analyst Profession: Training and Certification Requirements.

  • I’ve got a busy October speaking calendar this year! I will be participating on a panel discussion at the inaugural FAIR Conference this year, as well as signing books with Jack Jones. Should be a fun time! Be sure and stop by to say hello!

  • I will be speaking this Wednesday, 5 Oct at the 2016 UNCC Cyber Security Summit. The last time I spoke there was 2013. I’m doing a hybrid joint-presentation/panel discussion with Chris Houser from Wells Fargo, and the panel discussion will be moderated by Todd Inskeep from Booz Allen Hamilton. I will be talking about how…

  • Sometimes, the organization you work for will need to make budget cuts. And sometimes that means cuts to the security budget. How that should be handled is the subject of my latest @ISACA column.

  • Recently, I was discussing faux names for the risk department with a colleague in Operational Risk. We were trying to come up with a good subheading that poked fun at our role in the organization. My suggestions tended towards the subversive (my favorite suggestion was “Risk: Hide All the Bowls Of Cheerios”). My humor belied…
