Dashboards. Metrics. Data. Everybody has them; most don’t know how to use them effectively. It’s a bold statement, but according to Jack Jones and Jack Freund, it is a truism in the risk management field.
In his post for the FAIR Institute Blog, How to Delegate Risk, Steve Poppe gives readers a great sense of how risks, expenses and budget decisions roll up. We're going to follow that to consider how risk treatment decisions are appropriated. Let’s look at it through the lens of the CISO.
This time last year we provided you with a list of five must-have resources to delve into risk. If you haven’t invested 30 hours into these books, there’s no better time than now!
The most common question I’m asked about quantitative risk analysis is "where do you get data?" That’s akin to asking a surgeon "where do you make the incision?"
Any surgeon would ask the follow-up question: for which surgery? The closer the surgery is to their specialty, the more precise a response you will get.
My response for "where do you get the data?" is usually to ask "for what analysis?"
What are the must-have resources for people new to operational and cyber risk?