Yesterday, I was re-reading the FAIR book, Measuring and Managing Information Risk: A FAIR Approach, and something jumped out at me that I’d forgotten the first time I’d read it. The notion of getting hooked on the possibility of an event. Of course, the FAIR book poo-poos all over the qualitative risk assessment – and, […]
Boys, wolves and Chicken Little
Folktales and fables are ways to make sure we learn life’s essential lessons both easily and at an early age. And two of the ones that I think are most relevant to what we do as security professionals are The Boy Who Cried Wolf and Chicken Little. Quick refreshers might be in order, so here […]
Staring down the red-eyed monsters
Tonight I watched my son have a white-hot meltdown. It’s never happened before, but then again, he’s never been stuck in the house with the rest of us for going on 7 weeks now either. So, I have little doubt that a lot of the frustration and fears about what’s happening came out all at […]
“Good math” vs. “bad math” in risk assessments
A long time ago, I heard someone say: “Lottery tickets are a tax for people who are bad at math.” Which is pretty accurate. Have I ever bought one? Well, yeah—but as a conscious choice in a game of “Wow, wouldn’t it be really funny if I won $18 gazillion,” rather than, “I can’t pay […]
The key to demonstrating security value
One of the toughest challenges we face as security professionals is proving the value of what we do. I mean, so many people have the attitude that basically, “We get paid when nothing happens.” And, to a point, that is true. If we’re doing our jobs correctly, then things will go smoothly. However, things going […]
- « Previous Page
- 1
- …
- 5
- 6
- 7
- 8
- 9
- …
- 56
- Next Page »