ICYMI: Cyber Risk Sentinels

I was very fortunate to have the opportunity to share my thoughts on KRIs last week on The FAIR Institute’s website. I used the metaphor of Sentinel Species (think canaries in coal mines) to serve as an indicator of risk, but not of risk itself. That important distinction is one that I strongly feel is a difference we aren’t making in our identification and use of KRIs.

You can read the full article here.

Smart Contracts

I was interviewed for, and quoted in, this ISACA publication around Smart Contracts.

Upon reflection, what we are really seeing is just a continuation of the concept of Code = Law as pointed out by Lawrence Lessig in his 1999 book, Code and Other Laws of Cyberspace.

The Smart Contracts doc is a free download (after registration) and can be found here:

http://www.isaca.org/smartcontracts


Risk and Regulation

My latest @ISACA article was published today. In it, I focus on the notion of where our authority comes from in Information Security. Too often, in my opinion, we rely on regulation as a source of “why” when articulating control requirements. I think this is dangerous and counter to the very nature of what an effective risk practitioner is.

Take a read and let me know your thoughts!


The Dose Makes the Poison

My latest @ISACA article posted today. I was really pleased with this one as it uses an easily understandable metaphor to call out the often experienced desire of people to live life without risk (as evidenced by statements such as “We don’t accept any risk…”). Take a look and let me know what you think.