Risk's Rewards

By Derek Slater
About this Blog:

Enterprise risk management: All hazards, measurement, governance

Risk's Rewards

Two great reads on risk management

March 01, 2013 |   Two recent articles on CSOonline can help expand your knowledge of risk management:

Getting the Board on board

February 13, 2013 |   For entertainment I troll several LinkedIn groups, including Enterprise Risk Management.

Recent risk discussions, here and there

January 28, 2013 |   First of all, if you missed COSO for CSOs, that's been our most focused ERM coverage in January on CSOonline.

Taking the broad view

January 07, 2013 |   In the introduction to this blog I mentioned two goals or criteria for "real" risk management: that it be more quantitative, and more holistic. Having covered the quantification angle most recently, I want to post to some recent CSOonline coverage of the broad view.

Risk management in HBR (and whether that's a good thing)

December 12, 2012 |   In a recent digital edition of CSO I noted that Security is occasionally susceptible to two afflictions:  1. Hype.  2. Semantic arguments.

Information security risk: A conversation with Adam Shostack

December 04, 2012 |   The New School of Information Security folks have been pushing for more quantifiable risk management for years.

Corporate ERM efforts undergoing radical change

November 06, 2012 |   Enterprise risk management (ERM) is shaking the corporate world -- perhaps because, as a recent study shows, the world is shaking up ERM

Measuring IT risk

October 31, 2012 |   What's the most-lamented difficulty in applying real risk management to security? Lack of hard numbers, of course. Particularly on the digital side of security. The old "actuarial table" problem. We don't know precise probabilities, can't accurately calculate impact costs,...

What has come before

October 23, 2012 |   Let me point to some prior coverage of risk management on CSO -- articles that, together, provide a practical foundation

Welcome to Risk's Rewards

October 16, 2012 |   This blog is about risk management from a security point of view. First thing to address is what "risk management" really means. I fear that the term is, for some, just the latest boilerplate nametag to slap on their regular old products and services. If that's the case, then it...

Browse CSO Blogs

See all CSO Blogs »

Recent Comments

RESOURCE CENTER