This week, I’m at the Moscone Center in San Francisco, learning from those who have learned the lessons through trials and tribulations and have experienced them in such a way that they have put them into practice, have gained passion about their rites of passage, and have decided to give a presentation on those topics.
I’ve learned in the last two days that more people are starting to follow Jack Jones’ Factor Analysis of Information Risk, which was quoted in several presentations that I’ve attended. I really like this. Jack Jones taught me Factor Analysis of Information Risk. How awesome is that?
There have been some talks about aligning organizations to incorporate a Chief Information Risk Officer to stand parallel to the Chief Information Security Officer to have better conversations regarding business risks from technical risks. It’s a vision that many in my organization have already shared, without giving a name to that position. We tackle it as a group effort.
There have been some talks regarding better integration between Security Operations, who are doing the real monitoring and incident response, and the Governance, Risk, and Compliance teams to increase the visibility of internal real threats to the senior-level teams and the C-level teams.
Though we are about halfway done, it seems pretty clear to me that the determination of analysis of risk is heading to be the FAIR model as a de facto standard. SWEET!!!
Here are some bits I wrote about Risk! A very good, and fairly short, read about qualitative/quantitative risks.
Also, throughout the expo, there is a sea of vendors pitching their products and services, trying to gather contacts, and really showing off the best they can do. It’s quite a sight! Rami Malek from Mr. Robot was there.
Stay tuned for part 2.