Let’s talk DREAD (the mnemonic threat assessment framework, not the overwhelming feeling of despair associated with your reoccurring 4:30 p.m. Friday meeting). So, what is DREAD?
In the traditional board of directors committee structure, each of the board’s five main functions (strategy, executive selection and compensation, governance, audit, risk and compliance) is assigned to a different committee, except one: risk, long handled by the audit committee.
FAIR expert, Director of Technology Risk at Lending Club, and chair of the San Francisco Bay Area Chapter of the FAIR Institute, Tony Martin-Vegue is always at the cutting edge of thinking on cyber risk analysis.
In a video interview just out on eWeek, titled “RSA Taking a FAIR Approach to Defining Cyber-Risk”, RSA Chief Technology Officer Zulfikar Ramzan discusses what he calls the “exciting” new direction for RSA Archer: “cyber risk economics and cyber risk quantification.
With more and more companies building their cyber risk management programs on FAIR, hiring a certified FAIR analyst can get competitive. The FAIR Institute is excited to launch our Job Board to connect employers with Institute members who are FAIR-certified analysts looking for their next career move.
A few days ago I had the privilege of providing the opening keynote address at an IANS event in Dallas. If you’re not familiar with IANS (Institute for Applied Network Security), I encourage you to look into it as I believe it serves a very useful purpose and is working hard to be forward-looking. Regardless, one of the questions that was discussed at this event was how much of a CISO’s focus should be on business versus technology.
“Everyone dislikes novelty, and experts tend to be over-critical of proposals in their own domain.” This is the plainly-stated conclusion of a fascinating blind study wherein expert medical researchers were asked to evaluate new research proposals, some in other medical specialties and some in the areas in which they were experts. “New ideas got worse scores from everyone, but they were particularly punished by experts.”
For a long time, humans have used various organisms to help them detect dangerous environmental conditions. Animals used for this purpose are called ‘Sentinel Species’ by scientists -- the best example is the use of caged canaries to detect dangerous levels of carbon monoxide in coal mines.
If you haven’t heard already, we are getting ready to host the third annual FAIR Conference (FAIRCON18) at Carnegie Mellon University in Pittsburgh, Pennsylvania, on October 16 -17, 2018.