Dr Richard Diston’s Post

Okay, risk data nerds. Pay close attention. You lot think that qualitative risk management approaches are 'better' than heat maps. You listen to statistics people who write books about 'security' when they know fuck all about it. I often refer to the usual 1-5 'risk assessment' as the Peppa Pig approach, because that is pretty much the audience for it and the level of thinking behind the people who use it. That said, it has a lot more utility than a bunch of random numbers you pulled out of your ass, ran through a Monte Carlo simulation and now 'think' you have a 'scientific' approach. 🤣 FAIR? False Assumptions Interpreted Randomly, more like. If you like data, here's some for you. In England in September 2021, the biggest underlying cause of death was dementia and Alzheimers (11.2%). That was followed by heart disease. Is that useful to you? Does knowing the numbers tell you what you need to do or how exposed you are? I’m guessing not. They’re just numbers. Until they’re YOU. With a big enough data population, any event becomes not only probable but regular. A statistician can work out the odds of a punch in the mouth affecting a million statisticians. It's different when it's their nose on the receiving end. There are 8 billion people on the planet. That means that there should be 8000 people experiencing 'one in a million' events every single day. That's 2.9 million 'one in a million' events every year. That is precisely the difference between fucking about with irrelevant maths models and the reality of security protection. The focus is on you, not what 'might' happen. Deal with possibility. Ignore probability. You might even start doing the job you are paying for instead of playing 'kick the can' with the consequences. Read these books as a starter. https://lnkd.in/ezHJC72q

Living Security in the News on Security Info Watch. "With Unify's response orchestration capabilities I can put boundaries around aspects of human-related risk and then respond automatically across the enterprise when risky behaviors or events occur. " Martin Denis, ASU Information Security Specialist Human Risk https://hubs.la/Q02wyPfQ0

I am thrilled to welcome you to the Mawumefa Kendeh blog, a dedicated space crafted with a singular passion: safeguarding data, systems, and, most importantly, people. My blog seeks to delve into the intricate landscape of information security, specifically within the domain of Security and Risk Management. Dissecting concepts related to Governance, Compliance, and Risk (GRC). This blog is not just another resource; it's a commitment to providing the information and insights I wish I had,  when I was  embarking on my own journey in information security. I will break down complex topics, making them easily digestible for all levels of expertise. Whether you're a seasoned professional or someone taking their first steps in the field, mawumefa.kendeh.com is your go-to destination for information security. We will also dive into the details of notable cybersecurity incidents that happened over the years, unraveling the entire lifecycle from breach to resolution. Learn practical lessons from each incident to strengthen your cybersecurity. Discover actionable strategies to prevent similar breaches and safeguard your digital assets. The digital landscape is constantly evolving, and so are the tactics employed by cybercriminals. At mawumefa.kendeh.com, I will  keep you in the loop about the latest hacking methods and emerging threats. By staying informed, you empower yourself to proactively safeguard your data and online accounts. I invite you to join our community of like-minded individuals who share a passion for safeguarding digital landscapes. Let's engage in meaningful discussions, share experiences, and collectively enhance our understanding of information security. Together, let's navigate the ever-evolving landscape of Security and Risk Management, empowering ourselves and others along the way. Stay secure, stay informed! Signed- The Information Security Sentinel Mawumefa #informationsecurity #Governance #Risk #Compliance

Using the right vocabulary can make a huge difference when it comes to security influence: https://ow.ly/Kpt350SJIus . . #security #securityleadership #changemanagement #riskmanagement

As we prep to launch our new Human Risk Management platform in just a few weeks, check out Mimecast CEO Marc van Zadelhoff sharing his thoughts with ISMG on the challenges of mitigating human risk, the evolution of threats plus much more. Watch the full clip here -

By embracing zero trust and data-driven cybersecurity, organizations can meet urgent needs to strengthen risk management and resilience.

By embracing zero trust and data-driven cybersecurity, organizations can meet urgent needs to strengthen risk management and resilience.

By embracing zero trust and data-driven cybersecurity, organizations can meet urgent needs to strengthen risk management and resilience.

Risk is dynamic. It changes with time, technology, people, and a myriad of other factors. Yesterday's security reports and textbooks won't cut it. In the next Professor Risk LIVE, Daniel Young will discuss how to manage your organizational risk, including: - Modern risk strategies to endure your people and assets are protected against the threats of today. - Where technology can fit in your security measures and your budget. - Common pitfalls and money vacuums security professionals fall in today. Click below to register for the event! We look forward to seeing you there! https://hubs.li/Q02y-9tZ0 #risk #security #brandmanagement

By embracing zero trust and data-driven cybersecurity, organizations can meet urgent needs to strengthen risk management and resilience.