My piece on Cyber Resilience was recently published by ISACA. Note that their style guide requires that everything with cyber in it be a compound word which makes it read weird. I had a good laugh with them about this. They also interviewed me for ISACA TV on communicating cyber risk to the board andContinue reading “Cyber Resilience & Board Communication Interview”
Tag Archives: ISACA
ISACA CRQ Whitepaper, a Webinar, and More CRQ
A whitepaper I recently wrote for ISACA was published. You can access it here. In this paper I wanted to write about how cyber risk quantification worked broadly, not just in a FAIR context. I hope it gives you a good primer to this topic. I’m also doing an ISACA webinar with my good friendContinue reading “ISACA CRQ Whitepaper, a Webinar, and More CRQ”
Risk Treatment
My latest @ISACA post talks about how there is a lack of parallelism in the way that organizations apply Risk Treatment. In short, the lower in the organization you are the less real options that you have. You can read the article here
CRQ, Zero Trust, NACD, and Risk Treatment Options
Here is a mega update on several items I’ve been working on lately. First, I did a podcast with ThreatConnect talking about CRQ. We did a bit of a retrospective on the FAIR book as well which was nice. Next is a piece I wrote for ISACA about how to not over-respond to current workContinue reading “CRQ, Zero Trust, NACD, and Risk Treatment Options”
Positive Risk, ISACA Journal, and more NIST
ISACA asked me to write a short piece on my Journal article about risk communication. They published that here. I also wrote a blog post for the @ISACA newsletter about the trouble with positive risk. Lastly, NIST released an update to their ERM-Cyber integration standard and my friends at the FAIR Institute asked me toContinue reading “Positive Risk, ISACA Journal, and more NIST”
ZombieLoad, Business Acumen, HITRUST, and DHS Directive
As a part of my new role with RiskLens, I’ve been publishing several articles. Included here is a recap of my work over the past month: The ZombieLoad speculative execution bug raised the specter of a possible 40% hit in performance. I gave a plan to evaluate this new bug in the context of riskContinue reading “ZombieLoad, Business Acumen, HITRUST, and DHS Directive”
Emerging Risk
For this months @ISACA Tips column, I wrote about the conundrum of defining and assessing emerging risk. Its an interesting space to assess; technologies and trends so cutting edge that they sorta defy precision assessments, yet also so important as to require them. You can check it out here.
ICYMI: Digital Transformation
I wrote an article to help ISACA introduce its Digital Transformation research in the Financial Services industry. There are some interesting findings in here about AI, IOT, Cryptocurrency, and Blockchain. My article in Bankingexchange.com is here ISACA’s Digital Transformation Barometer research is here
ISACA Global Achievement Award Winner
Awarded ISACA Global Achievement Award for work on CRISC certification
Smart Contracts
I was interviewed for, and quoted in, this ISACA publication around Smart Contracts. Upon reflection, what we are really seeing is just a continuation of the concept of Code = Law as pointed out by Lawrence Lessig in his 1999 book, Code and Other Law of Cyberspace. The Smart Contracts doc is a free downloadContinue reading “Smart Contracts”
The Risk Dr ® 