ISACA asked me to write a short piece on my Journal article about risk communication. They published that here. I also wrote a blog post for the @ISACA newsletter about the trouble with positive risk. Lastly, NIST released an update to their ERM-Cyber integration standard and my friends at the FAIR Institute asked me toContinue reading “Positive Risk, ISACA Journal, and more NIST”
Tag Archives: NIST
Cyber Risk Frameworks, MITRE ATT&CK, and Risk Communication in the ISACA Journal
Interviewed by Phil Venables, published in the ISACA Journal and Dark Reading, and more thoughts on NIST and CVSS
Feb Update! Davos, NIST, Cloud Smart, and Risk Mgmt Maturity
NIST webinar, app rationalization for Federal Cloud Smart policy, Risk Mgmt Maturity report, and Davos
Always Mistrust New Risk Equations
There’s a cynical meme out there about mistrusting new (as well as proprietary) encryption methods. Unless its been around long enough to suffer the slings and arrows of academic and practitioner criticism, its probably not worth entrusting your security to it. I’m hereby extending this in a new corollary: All claims of “new” equationsContinue reading “Always Mistrust New Risk Equations”
The Risk Dr ® 