Tag Archives: risk

The Personalization of Risk

– I realized when I received several comments regarding my September 12, 2011 column “Risk Mismanagement – Scoring vs. Monte Carlo vs. Scoring” from Doug Hubbard and others, that I hadn’t been clear enough in my description of what I had termed “subjective risk.” It also seems that it…

The Security of Fools

– No, I’m NOT saying that security professionals are fools … far from it. But many of the folks whom they serve may well be overconfident in their judgments about security. Overconfidence in the face of undisputable evidence to the contrary is described in Daniel Kahneman’s article “The…

SEC-urity’s Catch 22

– On October 13, 2011, the Division of Corporation Finance (DCF) of the Securities and Exchange Commission (SEC) issued CF Disclosure Guidance: Topic No. 2 – Cybersecurity, available at http://www.sec.gov/divisions/corpfin/guidance/cfguidance-topic2.htm . It provides the DCF’s “views…

Risk Mismanagement – Scoring vs. Monte Carlo vs. Scoring

– I finally got to read Douglas Hubbard’s book “The Failure of Risk Management: Why It’s Broken and How to Fix It” (Wiley, 2009). As I have written in other columns about Hubbard’s prior book “How to Measure Anything: Finding the Value of Intangibles in Business” (Wiley, 2007; Second…

Security Innovation – Trying to Change the Game

– It’s never pleasant to receive a somewhat negative book review, but such reviews often point the way to future improvements. As Theodore Roosevelt once said, “It is hard to fail, but it is worse never to have tried to succeed.” So that’s how I felt about Robert M. Slade’s review of the…