RISK & CYBERSECURITY

Resilience can be thought of as the ability to absorb shocks, adjust as needed and continue operation in the face of adversity. In other words, to meet your ...

Let’s assume general purpose quantum computers that can operate usefully at scale are coming. I think a reasonable timeframe is 15 years. There are massive e...

Chesterton's Fence is a cautionary tale to make sure that before you change things you actually understand their purpose. This is particularly important for ...

Risk quantification, in any field, is not an end in itself. It exists to compel some action. That action might be to drive decisions or simply to inform othe...

Not all risks are possible to fully mitigate in every context, so you need to record and manage those residual risks. These are often put into a risk registe...

The codebreaking and overall intelligence success of Bletchley Park in World War II is legendary. Ultra, along with broader Allied signals intelligence prowe...

In most organizations you are constantly upgrading your security controls. This is for many reasons, including: New threats induce higher risk exposure and r...

It can be irritating to receive e-mails from vendors during a time of crisis, like now, with the spin that their products can help. It is wrong, however, to ...

I have run organizations, large and small, local and remote, for many years. I have been the beneficiary (and victim) of many management and leadership appro...

In this coming decade there will be 5 major themes that differentiate great security programs, products, features and processes. These are different from ove...

I've been thinking more about mega trends applied to risk, specifically operational risk (people, process, technology & external events). Planning for these ...

Everyone is deluged with approaches from product and service vendors, small and large. Even vendors struggle to keep track of who their competitors are in an...