Learning From Other’s Mistakes

I wrote this piece after I read one person’s take on the relationship between near misses and audit findings. I wanted to reflect my thinking on the matter in a way that gave risk organizations a useful function to pursue after an incident. You can read about the role that your near misses (and other’s)Continue reading “Learning From Other’s Mistakes”

The Future of Quantitative Cyber Risk Reporting

In my latest piece for the @ISACA newsletter, I address the US SEC’s interest in enhancing the cyber risk reporting requirements. The SEC has asked for feedback on this matter from the public. I used my feedback to them in the writing of this piece.