Tag Archives: risk
ICYMI: Cyber Risk Sentinels
I was very fortunate to have the opportunity to share my thoughts on KRIs last week on The FAIR Institute’s website. I used the metaphor of Sentinel Species (think canaries in coal mines) to serve as an indicator of risk, but not of risk itself. That important distinction is one that I strongly feel is
Smart Contracts
I was interviewed for, and quoted in, this ISACA publication around Smart Contracts. Upon reflection, what we are really seeing is just a continuation of the concept of Code = Law, as pointed out by Lawrence Lessig in his 1999 book, Code and Other Laws of Cyberspace. The Smart Contracts doc is a free download
Risk and Regulation
My latest @ISACA article was published today. In it, I focus on the notion of where our authority comes from in Information Security. Too often, in my opinion, we rely on regulation as a source of “why” when articulating control requirements. I think this is dangerous and counter to the very nature of what an
Speaking at the Inaugural FAIR Conference
I’ve got a busy October speaking calendar this year! I will be participating in a panel discussion at the inaugural FAIR Conference this year, as well as signing books with Jack Jones. Should be a fun time! Be sure to stop by and say hello!
The Risk of Cyber Austerity
Sometimes, the organization you work for will need to make budget cuts. And sometimes that means cuts to the security budget. How that should be handled is the subject of my latest @ISACA column.
The Dose Makes the Poison
My latest @ISACA article posted today. I was really pleased with this one, as it uses an easily understandable metaphor to call out the often-expressed desire of people to live life without risk (as evidenced by statements such as “We don’t accept any risk…”). Take a look and let me know what you think.
Assessing Cyber Risk Quality pt. 3
The final post of the interview/blog series I did with the FAIR Institute was posted last night.
Assessing Cyber Risk Quality pt. 2
Part 2 of the interview/blog series I did with the FAIR Institute was posted this morning.
Assessing Cyber Risk Quality pt. 1
The folks over at the FAIR Institute were nice enough to interview me recently and turn it into a series of blog posts. Part 1 is up right now and sets the stage for how to assess quality in your Cyber Risk assessments.
Schrödinger’s Christmas
In 1935, Austrian physicist Erwin Schrödinger devised the thought experiment known as Schrödinger’s Cat. It’s a gruesome but pretend experiment where we place a cat in a cage (sometimes a box) with a device that could randomly release a poison that is capable of killing the cat. However, it may also never release the poison