First of all, if you missed COSO for CSOs, that’s been our most focused ERM coverage in January on CSOonline.

Richard Steinberg helped create both the internal controls framework and the Enterprise Risk Management framework for COSO. Our interview with him was conducted by Bradley Schaufenbeul, director of information security at Midland States Bank.

“The framework’s Application Techniques volume is a tool that security managers might want to look into, because there’s a wealth of knowledge for specific ways to apply risk management effectively,” Steinberg says. Other interesting and practical thoughts in the interview.

I probably could have written a sexier headline for that article, eh. Oh well! Meanwhile, I’d like to point out two posts elsewhere relevant to ERM and security.

Adam Shostack has interesting thoughts about the opportunity for cyberinsurance companies to gain competitive advantage by sharing their data, instead of hoarding it. (Adam just spoke to CSO recently about developments since he launched the New School of Information Security book and blog.)

Also, David Ropeik has a post on Big Think about risk perception, or misperception. This may not be a new observation for security leaders; we know perceptions of risk are skewed in all sorts of ways. But it’s always interesting and potentially useful to see how these issues are being framed in mainstream discussions.