The Wall Street Journal recently referenced a research report published by Ponemon Institute entitled The True Cost of Compliance With Data Protection Regulations. After reading the report, I’ve come to the conclusion that although the research objective was admirable, it completely missed the target.
When I was recently asked to write a blog post making cyber and technology risk predictions for 2018, I balked. If you’ve read (and you should read) Superforecasting: The Art and Science of Prediction (Dan Gardner and Philip Tetlock), you’ll understand why.
On his recent FAIR Institute Cyber Risk Workgroup Call (membership required), FAIR model creator Jack Jones fielded this question: If you had to judge an organization in terms of how well it manages risk using just one metric, what one metric would you use?
Jack Jones…creator of the FAIR model (that’s Factor Analysis of Information Risk)…author of the FAIR book Measuring and Managing Information Risk: A FAIR Approach…chairman of the FAIR Institute…and the leading evangelist for effective risk measurement based on critical thinking. For a quick education on Jack’s thinking and the FAIR approach to risk, check out this reading list of Jack’s 10 most popular writings on the FAIR Institute blog.