Tag Archives: risk

Risk and Security Regional Community Forum

Wipro/Edgile/ServiceNow me out to Silicon Valley to have a discussion on my project associated with my Vulnerability Governance program and we ended up being the headliner! It was pretty cool and I got to hang out with a coworker and … Continue reading

Updates to OpenFAIR

There’s an update to OpenFAIR and here’s the video on it. The update includes adding the NIST CSF 5 Functions around the 15-minute mark.

#PhoenixES3

I was part of a Panel to discuss Integrated Risk Management and Security Operations at the Optiv Enterprise Security Solutions Summit. It was a wonderful experience and I’d love to do it again.

An Infographic to Implement an IT Governance, Risk, and Compliance Framework and a Risk Management Framework

I built an Infographic to Implement an IT Governance, Risk, and Compliance Framework and a Risk Management Framework. I do hope everyone finds it useful. A good solid framework is a critical foundation to lay for managing risk in businesses … Continue reading

RSA Archer and GRC

Yesterday I gave a presentation on RSA Archer and GRC at a lunch and learn. I got a lot of lovely compliments. Topics were focused on Governance and Risk Frameworks, and processes.

Just Accept the Risk

Lately, there is a lot of risk management in my life.

Risky? I Too Like to Live Dangerously

She said she was turned on by men who took risks . . . So he took the plastic off his iPhone screen. — 50 Nerds of Grey (@50NerdsofGrey) April 1, 2016

When Less Is More

I had a slightly engaging discussion regarding the scoring of impact, with human life being one of the factors. (Think a negative event with the factors being reputation, financial, property, human life as part of the equation) What value do … Continue reading

What is GRC?

Governance, Risk, and Compliance. A nice infographic.

Pragmatic Cyber Risk Quantification

ISC2 presents Jack Jones, founder of FAIR. Quantitative risk analysis is achievable, can be pragmatic, and can actually out-perform qualitative risk analysis in the face of complex issues like intelligent adversaries. Join Jack Jones, the original author of the Factor … Continue reading
