ISSA Journal – The Future of ITRM will be Quantified

The December issue of the ISSA Journal was released and my article on the Future of IT Risk is on the cover. The theme for this month’s Journal is “The Next 10 Years” and I wanted to highlight where I saw the industry going. I begin with a look back on the progress away from ordinalContinue reading “ISSA Journal – The Future of ITRM will be Quantified”

Risk Forecast Accuracy – Feb ISSA Journal

In this month’s ISSA Journal, my colleagues and I wrote about Risk Forecast Accuracy. This is a practice that all mature risk functions should pursue and we offer an approach that is relatively straightforward and practical in its application. If we accept that risk is a statement about the future, then its important to alsoContinue reading “Risk Forecast Accuracy – Feb ISSA Journal”

How Security, Audit, and Risk should work together

My article on the role of audit and risk was published in the ISSA Journal this past October 2012. If you didn’t catch it then, you can find it here. I began this article with a question, when did IT auditing become a profession. With that in mind, I want back to the original version of COBITContinue reading “How Security, Audit, and Risk should work together”