• The folks over at the FAIR Institute were nice enough to interview me recently and turn it into a series of blog posts. Part 1 is up right now and sets the stage for how to assess quality in your Cyber Risk assessments.
  • I’m very pleased to announce that the book I coauthored with Jack Jones (Measuring and Managing Information Risk: A FAIR Approach) has been inducted today into the Cybersecurity Canon at the Palo Alto Networks 2016 Ignite Conference. The Canon includes books both fiction and nonfiction that accurately depict the history, milestones, and culture of the…
  • Risk management is all about making forward-looking statements about things that may or may not come to pass. This is also known as forecasting. Read more about this in my latest @ISACA column.
  • I’m pleased to announce that I have been asked to present at the Cyber Risk North America conference on 15-16 March in NY. It’s offered in conjunction with OpRisk North America, where I presented last year. I will be presenting on the theme of assessing quality using Risk Forecast Accuracy (a topic that was the…
  • In this month’s ISSA Journal, my colleagues and I wrote about Risk Forecast Accuracy. This is a practice that all mature risk functions should pursue, and we offer an approach that is relatively straightforward and practical in its application. If we accept that risk is a statement about the future, then it’s important to also…
  • In this month’s @ISACA column, I tackle politics and the orientation that risk professionals should have when working in political environments. The ethical obligations of risk professionals are not as well known as they are for other professions, but they are no less important. We have an ethical obligation to tell inconvenient truths about risk…
  • In 1935, Austrian physicist Erwin Schrödinger devised the thought experiment known as Schrödinger’s Cat. It’s a gruesome but pretend experiment where we place a cat in a cage (sometimes a box) with a device that could randomly release a poison that is capable of killing the cat. However, it may also never release the poison…

  • I was always a big fan of Alice in Wonderland. Having read the book several times, you just have to wonder why she goes down the hole at all? Alice abandons all that she knows, all that everyone around her acknowledges as being rational and true, for something that we’re told is simply the pursuit of curiosity.…
  • In my latest @ISACA column, I tackle the problem of project triage. It’s a pernicious problem that many security departments have to manage: we have to check everything currently in place, yet new stuff is being added all the time. I address this problem from a risk perspective: we need to allocate our scarce security…
  • I really enjoyed Bruce Schneier’s recent post on Code Yellow. It inspired me to write about it in the context of personal self defense (and its parallels to the Japanese term zanshin). I disagree with Bruce’s opinion that being in Code Yellow generally is a bad thing (at least, that’s the impression I got from his piece).…