Applied Risk Appetite

“There is a certain uselessness in saying an organization does not want to accept high risk.” My latest @ISACA article was published and as I was re-reading this line it resonated with me even more. You have to have more fidelity in how you define risk appetite for it to be useful. More tips on…

Using Economics to Diagnose Security Model Failure

Many information security practitioners labor daily to increase security for the organizations in which they work. The task itself seems beset with obstacles. On the one hand, there is the need to acquire security funding from executives that are distracted from security by the sturm und drang of the daily operation of the business, tempered…

Knuckle Busters

Where I live, we have been experiencing a lot of severe weather and with it, power outages. It's always fascinating to students of risk to watch how organizations behave in these scenarios. Especially interesting is how retail establishments deal with payment issues. I entered an office supply store the other day to purchase some equipment…