- I’m so excited to announce the release of CTRL-ALT-RISK, my new book that compiles years of work into one accessible collection. This anthology features short essays I originally wrote for the @ISACA® Newsletter, offering practical tips and insights for navigating the complex world of cyber risk management. Whether you’re a cybersecurity veteran or just beginning…
- Earlier this year, I had the opportunity to reflect on lessons I learned from an unlikely source: a class I took on Plant Pathology. As part of my academic journey, the class explored how plants thrive in challenging environments, defend themselves against threats, and adapt to changing conditions. The parallels to cybersecurity were hard to…
- Many organizations mistakenly believe they need extensive data and complex systems for Cyber Risk Quantification (CRQ). This article advocates for early adoption of quantitative risk measurement, starting small and evolving over time. By abandoning outdated qualitative ratings, organizations can access valuable insights, enhance decision-making, and achieve greater resilience in their risk programs from the outset.
- I’m pleased to share my latest article in the ISACA Journal, titled “From Measurement to Management: Integrating Cyberrisk Quantification into Risk Governance.” In this piece, I explore how the newly updated NIST Cybersecurity Framework 2.0, with its focus on governance, is driving critical feedback loops between cyber operations and executive decision-making. In particular, I delve…
- I recently wrote an article for the ISSA Journal discussing the significant shifts in U.S. cyber governance after the recent Supreme Court decisions that overturned the 1984 Chevron Deference precedent. These rulings now require courts to interpret legislation more literally, leading to uncertainty about the future of cyber regulations. However, it’s important to understand the…
- My latest piece, “Material Matters: The SEC’s Cyber Disclosure Reality Check,” has been published in @ISACA’s newsletter. With the SEC’s new cyber disclosure requirements shaking up the industry, this article dives deep into the implications for cybersecurity and risk management professionals. It explores how these regulations will affect the disclosure of material cyber risks (and…
- I’m really excited to share this one. The inspiration for this article was courtesy of a good friend who was venting about work. I connected their troubles with something I dug up from my latent interest in folklore. Long story short, the risk department shouldn’t be accepting risk on behalf of the business. I hope…
- In my latest column for the @ISACA newsletter, I delve into the complex interplay between common sense and cyber security.
- In the realm of cyber risk quantification, it’s a common belief that emotions should be kept out of the risk assessment and decision-making processes. Certainly, there are valid concerns associated with the influence of emotions, which cannot be overlooked. However, it’s important to recognize that emotions do have a rightful place in risk management. In…