Tag: risk

  • Sometimes, the organization you work for will need to make budget cuts. And sometimes that means cuts to the security budget. How that should be handled is the subject of my latest @ISACA column.

  • My latest @ISACA article posted today. I was really pleased with this one as it uses an easily understandable metaphor to call out the often experienced desire of people to live life without risk (as evidenced by statements such as “We don’t accept any risk…”). Take a look and let me know what you think.…

  • The final post of the interview/blog series I did with the FAIR Institute was posted last night.

  • Part 2 of the interview/blog series I did with the FAIR Institute was posted this morning.

  • The folks over at the FAIR Institute were nice enough to interview me recently and turn it into a series of blog posts. Part 1 is up right now and sets the stage for how to assess quality in your Cyber Risk assessments.

  • In 1935, Austrian physicist Erwin Schrödinger devised the thought experiment known as Schrödinger’s Cat. It’s a gruesome but pretend experiment where we place a cat in a cage (sometimes a box) with a device that could randomly release a poison that is capable of killing the cat. However, it may also never release the poison…

  • In my latest @ISACA column, I tackle the problem of project triage. It's a pernicious problem that many security departments have to manage: we have to check everything currently in place, yet new stuff is being added all the time. I address this problem from a risk perspective: we need to allocate our scarce security…

  • I really enjoyed Bruce Schneier’s recent post on Code Yellow. It inspired me to write about it in the context of personal self defense (and its parallels to the Japanese term zanshin). I disagree with Bruce’s opinion that being in Code Yellow generally is a bad thing (at least, that’s the impression I got from his piece).…

  • On 27 June 2014, I delivered the Commencement Address to the graduating class at DeVry University Charlotte. I was honored to be asked by Dr. Regina Campbell. I didn’t post the address here previously, but I talk about risk so I thought it might be interesting to my followers here. Enjoy!   Thank you to Dr.…

  • Organizations are increasingly furthering their goals through reliance on suppliers conducting critical work. In support of this, information security departments routinely conduct security assessments of those suppliers in order to help minimize risk in their supply chains. These assessments usually consist of some combination of questionnaires, onsite observations, testing, and interviews. Unfortunately, such assessment routines tend…
