• I was reading up on cyber deterrence today and ran across this little gem in relation to nuclear deterrence: Because of the value that comes from the ambiguity of what the US may do to an adversary if the acts we seek to deter are carried out, it hurts to portray ourselves as too fully…

  • In my latest column I wanted to call out some of the dichotomy that exists in the cyber world today. There are so many exciting new technologies in the world, and so much more risk inherent in them. Working in risk means that you can’t avoid bad things entirely (any more than you can stop…

  • My latest @ISACA column was published today and in it, I talk about a concept called “pure risk.” It flies in the face of notions of “positive risk” that are in popular use. Understanding Pure Risk can help dispel any notion that Cyber Risk can be a good thing. You can read it here.

  • I was recently interviewed on the JuiceBox Podcast, a production of the Arden’s Day Blog. This is a Diabetes-heavy conversation which I sometimes talk about on my Blog. About halfway through we do have a little discussion about risk when we talk about how I viewed having a child that has T1D the same as…

  • My latest @ISACA article was published today. In it, I focus on the notion of where our authority comes from in Information Security. Too often, in my opinion, we rely on regulation as a source of “why” when articulating control requirements. I think this is dangerous and counter to the very nature of what an…

  • I wrote a piece for risk.net that discusses techniques for integrating a cyber risk taxonomy with an operational risk taxonomy. It’s behind a paywall, so apologies for that up front, but they do have a free trial. It’s a great article for those that are struggling with aligning the need for cyber risk granularity with…

  • My latest column for @ISACA was published today. In it I talk about the benefits of using verbal risk labels (things like high, medium, and low) and give some examples where this is helpful in the treatment of Type 1 Diabetes. This is an important concept for those like myself that are dedicated to quantitative…

  • Today I was notified that I was named as an IAPP Fellow of Information Privacy. I’m honored and humbled to be a part of this organization’s inaugural class of Fellows. You can read more about this designation here. The list of IAPP Fellows is here.  

  • Back in April, when Jack Jones and I were inducted into the Cyber Security Canon, we had the pleasure of being interviewed by Rick Howard, CSO of Palo Alto Networks. You can view the video here or watch it below. (They published the interview video back in September and I forgot to post it here.) It was hot…

  • I’m pleased to announce that a new book has been published that includes a chapter that I wrote on Cybersecurity and Technology Risk. I was approached by the good folks at Risk Books on contributing some original Cyber content in their new publication on Operational Risk. I chose to address the general risks in the…
