
How to write good risk scenarios and statements

Quantitative Risk
Risk management is both art and science. There is no better example of risk as an art form than risk scenario building and statement writing. Scenario building is the process of identifying ...
Sisyphus (1548–49) by Titian

Optimizing Risk Response, Unfiltered

Quantitative Risk
I mentioned in a previous blog post that I just wrapped up two fairly large projects for ISACA: a whitepaper titled “Optimizing Risk Response” and a companion webinar titled “Rethinking Risk Response.” ...
Photo by Marc-Olivier Jodoin on Unsplash

ISACA’s Risk Response Whitepaper Released

Quantitative Risk
I recently wrapped up a true labor of love that occupied a bit of my free time in the late winter and early spring of 2021. The project is a peer-reviewed whitepaper ...

The Elephant in the Risk Governance Room

Effective risk governance means organizations are making data-driven decisions with the best information available at the moment. The elephant, of course, refers to the means and methods used to analyze and visualize ...
Image credit: "Every family has a black sheep somewhere!" by foxypar4 is licensed under CC BY 2.0

When the Experts Disagree in Risk Analysis

Some variability between experts is always expected and even desired. One expert, or a minority of experts, with a wildly divergent opinion, is a fairly common occurrence in any risk analysis project ...
"Baseball Bats, MoMA 2, New York" by Rod Waddington is licensed under CC BY-SA 2.0

The Sweet Spot of Risk Governance

Think of risk behavior as a baseball bat. A batter should not hit the ball on the knob or the end cap. It is wasted energy. One also does not want to ...
"extreme horizon" by uair01 is licensed under CC BY 2.0

Risk modeling the vulnerability du jour, part 2: Forward-looking risk registers

This post is the second of a two-part series on how to frame, scope, and model unusual or emerging risks in your company's risk register. Part 1 covered how to identify, frame, ...
The Best of Miss Cleo

Risk modeling the vulnerability du jour, part 1: Framing

Every few months or so, we hear about a widespread vulnerability or cyber attack that makes its way to mainstream news. Some get snappy nicknames and their very own logos, like Meltdown, ...
Wagon of Fools by Hendrik Gerritsz Pot, 1637

Cryptocurrency is starting to feel like the 1637 Dutch tulip market

Bitcoin and the 17th-century Dutch tulip market are starting to have more in common than one would think. The story begins in 17th-century Holland when the demand for tulips, fueled by ...
Risk management pioneers: The New Lloyd's Coffee House, Pope's Head Alley, London

Risk Mythbusters: We need actuarial tables to quantify cyber risk

Quantitative Risk
There are many myths about cyber risk quantification that have become so common, they border on urban legend. The idea that we need vast and near-perfect historical data is a compelling and ...