Okay, risk data nerds. Pay close attention. You lot think that qualitative risk management approaches are 'better' than heat maps. You listen to statistics people who write books about 'security' when they know fuck all about it. I often refer to the usual 1-5 'risk assessment' as the Peppa Pig approach, because that is pretty much the audience for it and the level of thinking behind the people who use it. That said, it has a lot more utility than a bunch of random numbers you pulled out of your ass, ran through a Monte Carlo simulation and now 'think' you have a 'scientific' approach. 🤣 FAIR? False Assumptions Interpreted Randomly, more like.

If you like data, here's some for you. In England in September 2021, the biggest underlying cause of death was dementia and Alzheimer's (11.2%). That was followed by heart disease. Is that useful to you? Does knowing the numbers tell you what you need to do or how exposed you are? I'm guessing not. They're just numbers. Until they're YOU.

With a big enough data population, any event becomes not only probable but regular. A statistician can work out the odds of a punch in the mouth affecting a million statisticians. It's different when it's their nose on the receiving end. There are 8 billion people on the planet. That means that there should be 8,000 people experiencing 'one in a million' events every single day. That's 2.9 million 'one in a million' events every year.

That is precisely the difference between fucking about with irrelevant maths models and the reality of security protection. The focus is on you, not what 'might' happen. Deal with possibility. Ignore probability. You might even start doing the job you are paying for instead of playing 'kick the can' with the consequences. Read these books as a starter. https://lnkd.in/ezHJC72q
Dr Richard Diston’s Post
More Relevant Posts
Just a small, minor observation from the events of last week. Where the fuck was the 'risk management'? I don't just mean at Clownshite. I mean EVERYWHERE. Every year, Beasley and Branson release a report that demonstrates that organisations all over the world don't care about risk management. ERM isn't happening or isn't valued. Why do you think that is? Is it because they realise that it's all fantasy bullshit? All your heatmaps, loss distribution curves and finger-paintings are utter nonsense. You know it. They know it. You might as well climb an ancient Greek mountain and ask a drugged teenage girl what the future holds. That is how all this started, right?

I have been arguing for YEARS that we need to separate security practice from risk management. I have a rational argument for WHY. And for years, I have been ignored. My position is a little bit too 'real' and raw for most people. Yeah, the people who prefer to bullshit are afraid of people who learned and understood. How real and raw was life last week? Just asking. I guarantee you, nobody learned anything from it. Read this if you want an alternative to playing with dice and bullshitting. https://lnkd.in/ezHJC72q
Real Security Management
realsecuritydoctor.thrivecart.com
Trust is a key component of our digital lives. It plays a role in our personal as well as our business lives. Organizations need to know who they can trust before entering into a relationship with a vendor. At least, that's how it should be. In practice, though, a lot of time is wasted on things like vendor risk management. The existence of vendor risk management and its accompanying forms isn't in itself a bad thing, according to Stamos. However, thinking that potential problems with some kind of product or system that is based upon tens or hundreds of millions of lines of code are going to be solved by someone filling out some kind of spreadsheet is far from realistic. We could not agree more, Alex Stamos: "Trust is the foundation of any relationship and allows us to move forward". Thank you for your insights. Michael Francis, Jack Lai, Trevor Van Essen, Jason Duerden, Wayne Phillips, Elissa McGrath, TOM SHAW
Trust and AI in cybersecurity: difficult but crucial to navigate (Alex Stamos, SentinelOne)
https://www.techzine.eu
Risk Management & Assurance Expert | I work with business leaders to strategically align risk management, strengthen risk culture & evaluate the effectiveness of control activities towards achieving objectives
Risks can no longer be evaluated in silos. Enterprise Risk Managers play a key role in identifying the interconnections between risks across different categories, such as Technology x Third Party x Continuity x Reputation, and quantifying their collective impact on the business.
Council Post: Lessons From The Recent Global IT Outage
social-www.forbes.com
A 'routine' security update took out an estimated 9 million computers and is estimated to have cost $5.4bn in the US alone. Worth revisiting your risk management approach? 6-7 minute read. #riskmanagement #businessrisk #assurance #businessinterruption #risk
Risk management - a security update that affected 9m computers
https://www.think-beyond.co.uk
Join Critical Insight on Tuesday, July 23, at 12:30 PM PT / 3:30 PM ET for a panel discussion on incident response readiness for critical infrastructure. What will be covered: the history of #supplychain attacks and the methods for #managingrisk. Key takeaways: tools and techniques in #vendormanagement, incident response readiness, risk management practices, and ideas for identifying risk in critical supplies and suppliers. Registration link below 📨 #IR #incidentresponse #risk #infrastructure
Strategies for Managing Third Party Risks and Securing Partnerships in the Public Sector | Critical Insight
app.livestorm.co
GRC Expert | Privacy | Content Creator | IT Project Manager | Safeguarding Data and Systems | Ensuring Compliance to Regulatory Frameworks
I am thrilled to welcome you to the Mawumefa Kendeh blog, a dedicated space crafted with a singular passion: safeguarding data, systems, and, most importantly, people. My blog seeks to delve into the intricate landscape of information security, specifically within the domain of Security and Risk Management, dissecting concepts related to Governance, Compliance, and Risk (GRC). This blog is not just another resource; it's a commitment to providing the information and insights I wish I had when I was embarking on my own journey in information security. I will break down complex topics, making them easily digestible for all levels of expertise. Whether you're a seasoned professional or someone taking their first steps in the field, mawumefa.kendeh.com is your go-to destination for information security.

We will also dive into the details of notable cybersecurity incidents that happened over the years, unraveling the entire lifecycle from breach to resolution. Learn practical lessons from each incident to strengthen your cybersecurity. Discover actionable strategies to prevent similar breaches and safeguard your digital assets. The digital landscape is constantly evolving, and so are the tactics employed by cybercriminals. At mawumefa.kendeh.com, I will keep you in the loop about the latest hacking methods and emerging threats. By staying informed, you empower yourself to proactively safeguard your data and online accounts.

I invite you to join our community of like-minded individuals who share a passion for safeguarding digital landscapes. Let's engage in meaningful discussions, share experiences, and collectively enhance our understanding of information security. Together, let's navigate the ever-evolving landscape of Security and Risk Management, empowering ourselves and others along the way. Stay secure, stay informed! Signed, The Information Security Sentinel, Mawumefa #informationsecurity #Governance #Risk #Compliance
Mawumefa
mawumefa.kendeh.com
By embracing zero trust and data-driven cybersecurity, organizations can meet urgent needs to strengthen risk management and resilience.
Zero Trust
boozallen.com