• There’s a cynical meme out there about mistrusting new (as well as proprietary) encryption methods. Unless it’s been around long enough to suffer the slings and arrows of academic and practitioner criticism, it’s probably not worth entrusting your security to it. I’m hereby extending this in a new corollary: All claims of “new” equations…

  • In this edition of the @ISACA newsletter, I tackle the common problem of shared risk ownership. The behavioral economics of this scenario makes it a challenging one to solve. I’m interested in hearing any solutions you may have found to be useful.

  • I recently heard the phrase “The structural engineer saves you from the architect.” It was playful banter between two members of the construction and building professions. See, the root of the joke is that the architects will design these fanciful buildings that, while visually appealing, are totally impractical in a way that the structural engineer…

  • The April @ISACA newsletter was published last week with my piece called “Risk Palimpsest.” I ran across this unusual word in some non-risk reading I was doing and I was instantly struck with what a great metaphor it was. You can read it here (and also learn what a palimpsest is).

  • It’s a busy week for me. In addition to the webinar this Friday, next Monday (23 March) I’ll be holding a workshop at 11:00 AM in the Data Quality track of the OpRisk North America conference. I’ll be talking about financial metrics, risk appetite, volatility trends, and scenario analysis. You can’t have quality data without…

  • Jack Jones and I are going to be tag-teaming a webinar this Friday on our book for the Society of Information Risk Analysts. More information here. Please join us if you are interested in learning more about the book.

  • Many information security practitioners labor daily to increase security for the organizations in which they work. The task itself seems beset with obstacles. On the one hand, there is the need to acquire security funding from executives who are distracted from security by the sturm und drang of the daily operation of the business, tempered…

  • Just a quick note about this month’s column (available here). I’m getting the sense from the risk and control professionals I’ve spoken with recently that there is a greater realization of the separation of duties incumbent upon risk functions. In this piece, I briefly discuss how to use reporting to make this clear, and drive…

  • Recently Ben Rothke named Measuring and Managing Information Risk as the Best Book of 2014. Frankly, I’m humbled by this, as the field of competitors we are named amongst is very strong; Adam Shostack’s book was even named as best of 2014 by the venerable Bruce Schneier.

  • As we close out this year, one thought has been dominating my days. We’ve all learned how to practice risk from different places (where I’ve worked is different from where you’ve worked, etc.). So much in the practice of risk is based on the notion of personality; we do risk one way because I’m leading…
