I was very fortunate to have the opportunity to share my thoughts on KRIs last week on The FAIR Institute’s website. I used the metaphor of Sentinel Species (think canaries in coal mines) to serve as an indicator of risk, but not of risk itself. That important distinction is one that I strongly feel is a difference we aren’t making in our identification and use of KRIs.
You can read the full article here.
I was interviewed for, and quoted in, this ISACA publication around Smart Contracts.
Upon reflection, what we are really seeing is just a continuation of the concept of Code = Law as pointed out by Lawrence Lessig in his 1999 book, Code and Other Laws of Cyberspace.
The Smart Contracts doc is a free download (after registration) and can be found here:
My latest @ISACA article was published today. In it, I focus on the notion of where our authority comes from in Information Security. Too often, in my opinion, we rely on regulation as a source of “why” when articulating control requirements. I think this is dangerous and counter to the very nature of what an effective risk practitioner is.
Take a read and let me know your thoughts!
I’ve got a busy October speaking calendar this year!
I will be participating on a panel discussion at the inaugural FAIR Conference this year, as well as signing books with Jack Jones.
Should be a fun time! Be sure and stop by to say hello!
Sometimes, the organization you work for will need to make budget cuts. And sometimes that means cuts to the security budget. How that should be handled is the subject of my latest @ISACA column.
My latest @ISACA article posted today. I was really pleased with this one as it uses an easily understandable metaphor to call out the often-experienced desire of people to live life without risk (as evidenced by statements such as “We don’t accept any risk…”). Take a look and let me know what you think.
The final post of the interview/blog series I did with the FAIR Institute was posted last night.