I really enjoy reading Duncan Watts' work, and I was blown away by how he assailed the concept of common sense that we all rely upon so readily:
What we don’t realize, however, is that common sense often works just like mythology. By providing ready explanations for whatever particular circumstances the world throws at us, common sense explanations give us the confidence to navigate from day to day and relieve us of the burden of worrying about whether what we think we know is really true, or is just something we happen to believe.
Questioning our perception of reality is pretty heavy and you can spend a lot of time working through that. But in my article I use this idea to break out of the crutch of using common sense to manage risk.
You can read the full article on the @ISACA Newsletter site here.
The final post of the interview/blog series I did with the FAIR Institute was posted last night.
Part 2 of the interview/blog series I did with the FAIR Institute was posted this morning.
The folks over at the FAIR Institute were nice enough to interview me recently and turn it into a series of blog posts. Part 1 is up right now and sets the stage for how to assess quality in your Cyber Risk assessments.
In this month’s ISSA Journal, my colleagues and I wrote about Risk Forecast Accuracy. This is a practice that all mature risk functions should pursue and we offer an approach that is relatively straightforward and practical in its application.
If we accept that risk is a statement about the future, then it's important to also measure how well we did at forecasting these bad things. It's a job that requires staying up to date on what is happening in the industry and to what extent it will apply to your specific organization. It provides not only a good measure of how well you did, but also a foundation upon which you can base what your risk should be going forward.
Risk work is never complete; continuous improvement should be our goal. Embrace being incomplete.