Just a small, minor observation from the events of last week. Where the fuck was the 'risk management'? I don't just mean at Clownshite. I mean EVERYWHERE. Every year, Beasley and Branson release a report that demonstrates that organisations all over the world don't care about risk management. ERM isn't happening or isn't valued. Why do you think that is? Is it because they realise that it's all fantasy bullshit? All your heatmaps, loss distribution curves and finger-paintings are utter nonsense. You know it. They know it. You might as well climb an ancient Greek mountain and ask a drugged teenage girl what the future holds. That is how all this started, right? I have been arguing for YEARS that we need to separate security practice from risk management. I have a rational argument for WHY. And for years, I have been ignored. My position is a little bit too 'real' and raw for most people. Yeah, the people who prefer to bullshit are afraid of people who have learned and understood. How real and raw was life last week? Just asking. I guarantee you, nobody learned anything from it. Read this if you want an alternative to playing with dice and bullshitting. https://lnkd.in/ezHJC72q
Dr Richard Diston’s Post
More Relevant Posts
-
Okay, risk data nerds. Pay close attention. You lot think that qualitative risk management approaches are 'better' than heat maps. You listen to statistics people who write books about 'security' when they know fuck all about it. I often refer to the usual 1-5 'risk assessment' as the Peppa Pig approach, because that is pretty much the audience for it and the level of thinking behind the people who use it. That said, it has a lot more utility than a bunch of random numbers you pulled out of your ass, ran through a Monte Carlo simulation and now 'think' you have a 'scientific' approach. 🤣 FAIR? False Assumptions Interpreted Randomly, more like. If you like data, here's some for you. In England in September 2021, the biggest underlying cause of death was dementia and Alzheimers (11.2%). That was followed by heart disease. Is that useful to you? Does knowing the numbers tell you what you need to do or how exposed you are? I’m guessing not. They’re just numbers. Until they’re YOU. With a big enough data population, any event becomes not only probable but regular. A statistician can work out the odds of a punch in the mouth affecting a million statisticians. It's different when it's their nose on the receiving end. There are 8 billion people on the planet. That means that there should be 8000 people experiencing 'one in a million' events every single day. That's 2.9 million 'one in a million' events every year. That is precisely the difference between fucking about with irrelevant maths models and the reality of security protection. The focus is on you, not what 'might' happen. Deal with possibility. Ignore probability. You might even start doing the job you are paying for instead of playing 'kick the can' with the consequences. Read these books as a starter. https://lnkd.in/ezHJC72q
Real Security Management
realsecuritydoctor.thrivecart.com
-
Living Security in the News on Security Info Watch. "With Unify's response orchestration capabilities I can put boundaries around aspects of human-related risk and then respond automatically across the enterprise when risky behaviors or events occur." Martin Denis, ASU Information Security Specialist, Human Risk https://hubs.la/Q02wyPfQ0
Living Security announces orchestration for human risk management
securityinfowatch.com
-
GRC Expert | Privacy | Content Creator | IT Project Manager | Safeguarding Data and Systems | Ensuring Compliance to Regulatory Frameworks
I am thrilled to welcome you to the Mawumefa Kendeh blog, a dedicated space crafted with a singular passion: safeguarding data, systems, and, most importantly, people. My blog seeks to delve into the intricate landscape of information security, specifically within the domain of Security and Risk Management, dissecting concepts related to Governance, Compliance, and Risk (GRC). This blog is not just another resource; it's a commitment to providing the information and insights I wish I had had when I was embarking on my own journey in information security. I will break down complex topics, making them easily digestible for all levels of expertise. Whether you're a seasoned professional or someone taking their first steps in the field, mawumefa.kendeh.com is your go-to destination for information security. We will also dive into the details of notable cybersecurity incidents that happened over the years, unraveling the entire lifecycle from breach to resolution. Learn practical lessons from each incident to strengthen your cybersecurity. Discover actionable strategies to prevent similar breaches and safeguard your digital assets. The digital landscape is constantly evolving, and so are the tactics employed by cybercriminals. At mawumefa.kendeh.com, I will keep you in the loop about the latest hacking methods and emerging threats. By staying informed, you empower yourself to proactively safeguard your data and online accounts. I invite you to join our community of like-minded individuals who share a passion for safeguarding digital landscapes. Let's engage in meaningful discussions, share experiences, and collectively enhance our understanding of information security. Together, let's navigate the ever-evolving landscape of Security and Risk Management, empowering ourselves and others along the way. Stay secure, stay informed! Signed: The Information Security Sentinel, Mawumefa #informationsecurity #Governance #Risk #Compliance
Mawumefa
mawumefa.kendeh.com
-
Using the right vocabulary can make a huge difference when it comes to security influence: https://ow.ly/Kpt350SJIus #security #securityleadership #changemanagement #riskmanagement
Fast Facts: Vocabulary for Risk Management Influence
asisonline.org
-
As we prep to launch our new Human Risk Management platform in just a few weeks, check out Mimecast CEO Marc van Zadelhoff sharing his thoughts with ISMG on the challenges of mitigating human risk, the evolution of threats plus much more. Watch the full clip here -
Human Risk and Email Security: New Mimecast CEO's Vision
share.postbeyond.com
-
By embracing zero trust and data-driven cybersecurity, organizations can meet urgent needs to strengthen risk management and resilience.
Zero Trust
boozallen.com
-
Risk is dynamic. It changes with time, technology, people, and a myriad of other factors. Yesterday's security reports and textbooks won't cut it. In the next Professor Risk LIVE, Daniel Young will discuss how to manage your organizational risk, including: - Modern risk strategies to ensure your people and assets are protected against the threats of today. - Where technology can fit in your security measures and your budget. - Common pitfalls and money vacuums security professionals fall into today. Click below to register for the event! We look forward to seeing you there! https://hubs.li/Q02y-9tZ0 #risk #security #brandmanagement
Professor Risk: Tips for Security and Risk Management | LinkedIn
linkedin.com