Monday, March 30, 2009

The Zone of Essential Risk

Bruce and Bob Blakley ran into each other at a summit and had an interesting discussion on fraud patterns and the use of escrow agents. The outcome was what Bob calls a "zone of essential risk".

Bob concluded that there are only three ways to avoid fraud - make your transactions smaller, make your transactions bigger, or make your transactions more frequent. Overall, what he advises is to not order risk "medium-rare".

In my opinion, Bob's theory can also be applied to Risk Assessment calculation (likelihood-impact analysis). Going with his logic, if I map transaction size to impact and inversely map frequency to likelihood, "medium-frequent" will be the most costly to manage and should be given the highest priority. GREAT!

Sunday, March 22, 2009

Use the Economic Downturn to Get Your Foot in the IT Governance Door

Another nice post by Steve - PPM provides the means for organizations to ensure they invest in the optimal efforts and endeavors to meet their goals and fulfill their strategies. After speaking to thousands of people and visiting dozens of individual companies, I have seen very few enterprises that have mastered this discipline.

Wednesday, March 18, 2009

Risk Management’s Role in Corporate Defense

Although the term corporate defense may be somewhat intuitively understood, its precise meaning can vary from individual to individual, and as a result its priority (both from organization to organization, and indeed within an organization) can also vary. More...

Monday, March 16, 2009

Better metrics needed for security

The security industry has done a poor job of finding ways for companies to measure their security, but that does not mean that collecting data is not valuable, the former head of the U.S. Department of Homeland Security's cyber group told attendees at the SOURCE Boston conference on Thursday. More...

Reduce your risk of becoming a Cybercrime victim

Cybercrime is generally recognized as criminal activity in which a computer or network is an essential part of the crime. While everyone is suspicious of unsolicited e-mails and spam, these techniques continue to be successful in victimizing many Canadians. More...

Sunday, March 15, 2009

Rethinking Compliance

The first step is to understand what will influence the shape of your compliance programme. No doubt a history of past regulatory problems can encourage greater focus on the nature of the programme: escalating cartel fines for repeat offenders under EU rules can be horribly costly. More...

Cybersecurity Hearing Prompts Calls For Leadership, Laws

Halfway into a 60-day review of U.S. cybersecurity policy, lawmakers and tech industry experts are expressing alarm about the state of the nation's cyberdefenses and hunger for leadership in the unacknowledged cyberwar against America. More...

Is information security compliance really a cost center?

No. Absolutely and unequivocally not. I am drawing the line in the sand. Business leaders need to understand there is no more need for proper security to justify itself over and over again. It saves you time and money (period). More...

Thursday, March 12, 2009

Blaming the user is easy – but it's better to bypass them altogether

People regularly don't do things they are supposed to: changing the oil in their cars, going to the dentist, replacing the batteries in their smoke detectors. Why? Because people learn from experience. More...