-
Risk management is all about making forward-looking statements about things that may or may not come to pass. This is also known as forecasting. Read more about this in my latest @ISACA column.
-
I’m pleased to announce that I have been asked to present at the Cyber Risk North America conference on 15-16 March in NY. Its offered in conjunction with OpRisk North America where I presented last year. I will be presenting on the theme of assessing quality using Risk Forecast Accuracy (a topic that was the…
-
In this month’s ISSA Journal, my colleagues and I wrote about Risk Forecast Accuracy. This is a practice that all mature risk functions should pursue and we offer an approach that is relatively straightforward and practical in its application. If we accept that risk is a statement about the future, then its important to also…
·
-
In this month’s @ISACA column, I tackle politics and the orientation that risk professionals should have when working in political environments. The ethical obligations of risk professionals are not as well known as they are for other professions, but they are no less important. We have an ethical obligation to tell inconvient truths about risk…
-
In 1935, Austrian physicist Erwin Schrödinger devised the thought experiment known as Schrödinger’s Cat. It’s a gruesome but pretend experiment where we place a cat in a cage (sometimes a box) with a device that could randomly release a poison that is capable of killing the cat. However, it may also never release the poison…
·
-
I was always a big fan of Alice in Wonderland. Having read the book several times, you just have to wonder why she goes down the hole at all? Alice abandons all that she knows, all that everyone around her acknowledges as being rational and true, for something that we’re told is simply the pursuit of curiosity.…
-
In my latest @ISACA column, I tackle the problem of project triage. Its a pernicious problem that many security departments have to manage: we have to check everything currently in place, yet new stuff is being added all the time. I address this problem from a risk perspective: we need to allocate our scarce security…
-
I really enjoyed Bruce Schneier’s recent post on Code Yellow. It inspired me to write about it in the context of personal self defense (and its parallels to the Japanese term zanshin). I disagree with Bruce’s opinion that being in Code Yellow generally is a bad thing (at least, that’s the impression I got from his piece).…
-
There’s a cynical meme out there about mistrusting new (as well as proprietary) encryption methods. Unless its been around long enough to suffer the slings and arrows of academic and practitioner criticism, its probably not worth entrusting your security to it. I’m hereby extending this in a new corollary: All claims of “new” equations…
-
In this edition of the @ISACA newsletter, I tackle the common problem of shared risk ownership. The behavioral economics of this scenario makes it a challenging one to solve. I’m interested in hearing any solutions you may have found to be useful.
-
Subscribe
Subscribed
Already have a WordPress.com account? Log in now.
The Risk Dr ® 