-
Organizations are increasingly furthering their goals through reliance on suppliers conducting critical work. In support of this, information security departments routinely conduct security assessments of those suppliers in order to help minimize risk in their supply chains. These assessments usually consist of some combination of questionnaires, onsite observations, testing, and interviews. Unfortunately, such assessment routines tend…
-
I’ve been watching Amish Mafia lately (a guilty pleasure). That got me to thinking about the role of shunning in good risk management (because this is how my mind works, apparently). We want our leadership to take good, appropriate levels of risk, which is a way of saying there are good behaviors to which we would like…
-
The wait is over! The definitive guide to using FAIR in your daily risk work is now for sale everywhere you care to buy books (which in today’s book business means Amazon, Google, etc.). It’s available in soft cover if you want a physical book and also on eBook. There are a few reviews out there…
-
Jack Jones wrote a blog post for our publisher’s site about why it’s important to justify security spend, and how the industry is at a turning point about that. Also, another quick note: it seems that the book is available on Google Play in eBook format (scanned pages; not reflow like you’d get on Kindle).
-
The book goes to the printers tomorrow…
-
A quick update on the book: the publisher has made preorders available on their website. As the release comes closer, you will also be able to pick up a copy from your favorite retailer (Amazon, etc.).
-
I’ve noticed that the phrase “real risk” has been in use to mean a number of different things. I write about this in the July @ISACA column.
-
My @ISACA column was published recently on risk ownership. It’s a problem all risk professionals have to deal with at some point in their careers: when IT is expected to own what is ultimately business risk. I use absurdity to illustrate how absurd this is ;-) You can read the column here.
-
Hello everyone! I thought I’d give you a brief update. I’ve been very quiet here lately as Jack Jones and I made the final push to complete the book. We submitted the completed manuscript on or about Tax Day in April (with so many late nights, it’s hard to remember exactly when we were done).…
-
Recently, our editors revealed the final version of the book cover and indicated that it’s okay to share with you. So here it is: the official cover of Measuring and Managing Information Risk: A FAIR Approach. As soon as we get a publication date we will be happy to share. Tentatively we are looking at late…