Tag: Cyber Risk
-
I’m so excited to announce the release of CTRL-ALT-RISK, my new book that compiles years of work into one accessible collection. This anthology features short essays I originally wrote for the @ISACA® Newsletter, offering practical tips and insights for navigating the complex world of cyber risk management. Whether you’re a cybersecurity veteran or just beginning…
-
Many organizations mistakenly believe they need extensive data and complex systems for Cyber Risk Quantification (CRQ). This article advocates for early adoption of quantitative risk measurement, starting small and evolving over time. By abandoning outdated qualitative ratings, organizations can access valuable insights, enhance decision-making, and achieve greater resilience in their risk programs from the outset.
-
I recently wrote an article for the ISSA Journal discussing the significant shifts in U.S. cyber governance after the recent Supreme Court decisions that overturned the 1984 Chevron Deference precedent. These rulings now require courts to interpret legislation more literally, leading to uncertainty about the future of cyber regulations. However, it’s important to understand the…
-
My latest piece, “Material Matters: The SEC’s Cyber Disclosure Reality Check,” has been published in @ISACA’s newsletter. With the SEC’s new cyber disclosure requirements shaking up the industry, this article dives deep into the implications for cybersecurity and risk management professionals. It explores how these regulations will affect the disclosure of material cyber risks (and…
-
Here is a mega-update of things I meant to post since Sept(!) In the September 2023 ISSA Journal, I worked with my colleague Natalie Jorion to publish this piece about SEC cyber materiality. You can access the article here. I did a webinar with ISS Corporate about the SEC materiality rule. You can watch the…
-
A new whitepaper was released this week from the World Economic Forum. I was very honored to be a part of the group that authored this (you can see my contributions in section 2.2 – Understand the economic drivers and impact of cyber risk). The paper is free to download here.
-
I was recently interviewed by the FAIR Institute on the recently released guidance for firms to disclose material cyber risk.
-
I wrote a piece for risk.net that discusses techniques for integrating a cyber risk taxonomy with an operational risk taxonomy. It’s behind a paywall, so apologies for that up front, but they do have a free trial. It’s a great article for those that are struggling with aligning the need for cyber risk granularity with…