Category: Risk Management

January 22nd, 2018 by John

The World Economic Forum has released its annual Global Risks Report, which prominently addresses cyber risk. They’ve also released a Cyber Resilience Report, which comes in two parts: “a reference architecture for public-private collaboration, and cyber policy models.” The playbook, intended to be adaptable to any nation’s values and interests, takes up fourteen policy topics and analyzes them in terms of their impact on five areas: security, privacy, economic value, accountability, and fairness.

Posted in Infosec, Risk Management

June 12th, 2017 by John

Mobile security company Lookout has developed the Mobile Risk Matrix for looking at the spectrum of mobile security risks facing your enterprise and for helping to develop a comprehensive strategy. I think this basic framework could be extended to other areas besides mobile.

Posted in Cool-Stuff, Risk Management

May 10th, 2017 by John

The author and RAND researchers recently wrote a paper detailing their findings on how cyber insurers understand and price risk.

Gaining insight into how cyber insurers understand and price risk

Posted in Infosec, Risk Management

April 19th, 2017 by John

This article has some very good insights regarding what board members say they want and what they are getting from CISOs. They still tend to be skeptical of risk presented as loss predictions in dollars. Storytelling still has an important role to play.

Posted in Infosec, Risk Management

April 3rd, 2017 by John

A very good write-up on how the FAIR quantitative method can be used to help COSO succeed.

Posted in Infosec, Risk Management