Quantitative Risk
How to write good risk scenarios and statements
Risk management is both art and science. There is no better example of risk as an art form than risk scenario building and statement writing. Scenario building is the process of identifying ...
Optimizing Risk Response, Unfiltered
I mentioned in a previous blog post that I just wrapped up two fairly large projects for ISACA: a whitepaper titled “Optimizing Risk Response” and a companion webinar titled “Rethinking Risk Response.” ...
ISACA’s Risk Response Whitepaper Released
I recently wrapped up a true labor of love that occupied a bit of my free time in the late winter and early spring of 2021. The project is a peer-reviewed whitepaper ...
The Elephant in the Risk Governance Room
Effective risk governance means organizations are making data-driven decisions with the best information available at the moment. The elephant, of course, refers to the means and methods used to analyze and visualize ...
When the Experts Disagree in Risk Analysis
Some variability between experts is always expected and even desired. One expert, or a minority of experts, with a wildly divergent opinion, is a fairly common occurrence in any risk analysis project ...
The Sweet Spot of Risk Governance
Think of risk behavior as a baseball bat. A batter should not hit the ball on the knob or the end cap. It is wasted energy. One also does not want to ...
Risk modeling the vulnerability du jour, part 2: Forward-looking risk registers
This post is the second of a two-part series on how to frame, scope, and model unusual or emerging risks in your company's risk register. Part 1 covered how to identify, frame, ...
Risk modeling the vulnerability du jour, part 1: Framing
Every few months or so, we hear about a widespread vulnerability or cyber attack that makes its way to mainstream news. Some get snappy nicknames and their very own logos, like Meltdown, ...
Cryptocurrency is starting to feel like the 1637 Dutch tulip market
Bitcoin and the 17th-century Dutch tulip market are starting to have more in common than one would think. The story begins in 17th-century Holland when the demand for tulips, fueled by ...
Risk Mythbusters: We need actuarial tables to quantify cyber risk
There are many myths about cyber risk quantification that have become so common, they border on urban legend. The idea that we need vast and near-perfect historical data is a compelling and ...