Risk managers are always seeking to address the cybersecurity and technology risks that matter most to their organizations. But you can’t analyze and prioritize what you don’t identify.
David Musselwhite
Recent Posts
Whether you’ve just been introduced to FAIR, recently completed RiskLens’ FAIR training, or learned about FAIR through self-study, pursuing the Open FAIR Certification is a worthwhile goal. As more large companies and regulatory bodies accept FAIR as a leading methodology for quantitatively analyzing risk, the Open FAIR Certification is becoming increasingly valuable.
Take a look at the course offerings of most top-tier business schools and you’ll find listings like “Applied Business Forecasting,” where students “acquire hands-on experience with building and applying forecasting models to actual data on sales, inventories, income, earnings per share, and other variables widely encountered in business
“Everyone dislikes novelty, and experts tend to be over-critical of proposals in their own domain.” This is the plainly-stated conclusion of a fascinating blind study wherein expert medical researchers were asked to evaluate new research proposals, some in other medical specialties and some in the areas in which they were experts. “New ideas got worse scores from everyone, but they were particularly punished by experts.”
The MIT Technology Review recently published an article about what they called “cyber threats.” While the article identifies trending attack methods and scenarios to be concerned about, none of the things that made the list are actually threats.
“You are clearly out of compliance with a federal law.” When you, as a risk management professional, hear this, what is your first reaction?
A. “Yikes! We better fix that immediately!”
B. “That sounds like a problem for the Compliance Department?”
C. “So what? The government has it’s hand in everything, let us run our business!”
D. “Hmm…let’s perform a risk analysis and see if we should be concerned.”
