Disclaimer: The opinions of the columnists are their own and not necessarily those of their employer.

Tag Archives: COBIT

Risk Mismanagement – Scoring vs. Monte Carlo vs. Scoring

– I finally got to read Douglas Hubbard’s book “The Failure of Risk Management: Why It’s Broken and How to Fix It” (Wiley, 2009). As I have written in other columns about Hubbard’s prior book “How to Measure Anything: Finding the Value of Intangibles in Business” (Wiley, 2007; Second…

Who’s In Charge Here? The Problem of Information Security Governance

– A long-time friend of mine recently called with surprising, and sad, news.  “I’ve been laid off due to poor profits,” he said.  “I receive eight-month’s severance.  But if, at the end of eight months, I tell my ex-employer that I’m retired, I’ll get…

Your Information Security Program: It’s All About The Bones

– Welcome once again to the risk rack. This time on the risk rack I will be discussing the bones of an information security program namely the fundamental framework and standards around which you choose to build your program. As with any living and breathing creature the creature’s bone structure…