Disclaimer: The opinions of the columnists are their own and not necessarily those of their employer.

Tag Archives: risk

Cybersecurity Risk Metrics … Why Don’t They Get It?

The problem with cybersecurity is the metrics that are used to assess and manage security risks. In November 2008, I published an article “Accounting for Value and Uncertainty in Security Metrics,” in ISACA Journal, which subsequently won the 2009 Michael P. Cangemi Best Book/Best Article…

Is Risk Avoidance the Key?

My answer to this question is a resounding “yes.” But I don’t think that is the general view of cybersecurity professionals. After all, if business, government and other organizations pursued such a course, what would remain for cybersecurity folks to do? If you avoid the risk, then you…

Security, Safety and the “Wall of Constricted Thinking”

There is an interesting article by Jack Hitt in “The Idea” column in the SundayBusiness section of The New York Times of August 18, 2013. It is about how a newly-minted astrobiologist, Meredith Perry, came up with an idea for charging devices wirelessly by combing through concepts from a…

Run More Risk Models Faster? … Maybe

Jim Goodnight, the co-founder and CEO of the SAS Institute, has suggested (see Penny Crosman’s March 28, 2013 article “The Trouble with Banks’ Risk Models: Q&A with the Chief of SAS,” at…

Risk and Human Frailty

My September 12, 2011 BlogInfoSec column “Risk Management – Scoring vs. Monte Carlo vs. Scoring” was about the subjectivity of risk assessments, where the term “subjectivity” was defined as one’s personal view of particular risks. I received some considerable push-back from the likes…