The MIT Technology Review recently published an article about what they called “cyber threats.” While the article identifies trending attack methods and scenarios to be concerned about, none of the things that made the list are actually threats.
The term “Black Swan event” has been part of the risk management lexicon since its coinage in 2007 by Nassim Taleb in his eponymous book titled The Black Swan: The Impact of the Highly Improbable.
Tips and insight from Jack Jones and Jack Freund, authors of the FAIR book...
The Securities and Exchange Commission’s new guidance on cyber risk disclosure has shaken up infosec teams, C-suiters and board members at public companies over the past two weeks.
Reputation loss can kill a company; just look at the Weinstein Co., once a leading independent film studio, that went broke after 60+ actresses accused Harvey Weinstein of sexual harassment and assault. The resulting lawsuits and cancelled deals made the company unsaleable even after Weinstein exited.
As cyber risk poses greater long-term impact, investors and regulatory bodies are demanding a higher standard for disclosure. This post is republished from the blog at Evolver.
An interview with James Lam, Director at E*TRADE Financial and Chair of the firm’s risk oversight committee, offers some timely advice for an era when cybersecurity has risen to the top of the agenda in the boardroom.
I had heard that SIRACon, the annual event hosted by the Society of Information Risk Analysts, was one of the two big opportunities of the year to hear the best thinking – and have the best hallway conversations – about risk analysis and risk management (FAIR Institute’s FAIRCON is the other).
The North Carolina chapter of the FAIR Institute launches with a meeting on Thursday, February 22, in Charlotte, co-chaired by La’Treall Maddox of Cisco Systems, Inc., along with David Sheronas from Bank of America. La’Treall is Strategy Risk Manager for Cisco’s Security & Trust Organization (S&TO), and the leading FAIR evangelist at the company, which is making a major push on risk quantification;
One of my final initiatives prior to leaving public accounting and entering my new role in risk management was helping organizations prepare for the changes introduced by AICPA in the SSAE 18 audit standard, which went into effect in May 2017.
Simply put, when Industrial Control System (ICS) cyber risk is accurately modeled, measured, quantified and normalized with mechanical / industrial operational risk, it is then demystified.