Two great reads on risk management

Two recent articles on CSOonline can help expand your knowledge of risk management:

Getting the Board on board

For entertainment I troll several LinkedIn groups, including Enterprise Risk Management.

Recent risk discussions, here and there

First of all, if you missed COSO for CSOs, that's been our most focused ERM coverage in January on CSOonline.

Taking the broad view

In the introduction to this blog I mentioned two goals or criteria for "real" risk management: that it be more quantitative, and more holistic. Having covered the quantification angle most recently, I want to post to some recent...

Risk management in HBR (and whether that's a good thing)

In a recent digital edition of CSO I noted that Security is occasionally susceptible to two afflictions: 1. Hype. 2. Semantic arguments.

Information security risk: A conversation with Adam Shostack

The New School of Information Security folks have been pushing for more quantifiable risk management for years.

Corporate ERM efforts undergoing radical change

Enterprise risk management (ERM) is shaking the corporate world -- perhaps because, as a recent study shows, the world is shaking up ERM

Measuring IT risk

What's the most-lamented difficulty in applying real risk management to security? Lack of hard numbers, of course. Particularly on the digital side of security. The old "actuarial table" problem. We don't know precise probabilities,...

What has come before

Let me point to some prior coverage of risk management on CSO -- articles that, together, provide a practical foundation

Welcome to Risk's Rewards

This blog is about risk management from a security point of view. First thing to address is what "risk management" really means. I fear that the term is, for some, just the latest boilerplate nametag to slap on their regular old...

