-
I was recently interviewed by the FAIR Institute on the recently released guidance for firms to disclose material cyber risk.
-
I wrote this latest bit for the @ISACA column after reading Richard Clarke’s book and trying to rationalize how it applies to cyber risk. It’s overly easy to predict failures and impending doom at a macro level, it’s much harder to do it at the micro level, which is infinitely more interesting and useful. You…
-
I’m pleased to announce that I will be speaking again at Cyber Risk NA this year. I’ll be on a panel discussion about Modelling Cyber Risk (full program agenda here). I’ll see you in New York on the 20th of March. #CyberRiskNA
-
I’ve been accepted to speak at RSA about Quant Risk implementation #rsac
-
I tackle the notion of risk appetite in this month’s column using some metaphors with which you might be familiar. You don’t get to pick your auto insurance coverage by expressing the number of accidents you are willing to accept, yet that’s how a lot of organizations think about cyber risk. Fortunately, the cyber insurance…
-
I was interviewed for, and quoted in, this ISACA publication around Smart Contracts. Upon reflection, what we are really seeing is just a continuation of the concept of Code = Law as pointed out by Lawrence Lessig in his 1999 book, Code and Other Laws of Cyberspace. The Smart Contracts doc is a free download…
-
I was reading up on cyber deterrence today and ran across this little gem in relation to nuclear deterrence: Because of the value that comes from the ambiguity of what the US may do to an adversary if the acts we seek to deter are carried out, it hurts to portray ourselves as too fully…
-
In my latest column I wanted to call out some of the dichotomy that exists in the cyber world today. There are so many exciting new technologies in the world, and so much more risk inherent in them. Working in risk means that you can’t avoid bad things entirely (any more than you can stop…