How to Make Black Swans Extinct
and Why ISO31000 is the Weapon of Choice
Presented at the 2021 ISC2 Security Congress 18OCT21
We lack an agreed definition for cybersecurity and even worse, despite an international risk management standard endorsed by more than 160 nations, our profession uses multiple differing security risk management frameworks. If every employer, client and supplier has a different view of risk management, how can we expect to keep up with the bad guys, let alone beat them consistently? Even if your cybersecurity framework is best in the world, we all need to be in alignment. When 100 security professionals developed the Security Risk Management Body Of Knowledge, we integrated best practice from around the world. And it started with the ISO31000 Risk Management Guideline. This presentation is about applying ISO31000 principles, framework and process in the real cybersecurity world, and in the internet of things.
Five Insights Into Risk Management
These PowerPoint and PDF files contain the slides from my presentation at Risk Awareness Week 2020.
I started out with the intention of highlighting five key insights into risk management, but the list grew to roughly 25 insights.
As a result, the presentation is an intense, information-rich journey through a collection of risk insights from the past 30 years of my risk management career. All a bit much for a 60-minute video, so I provided a list of additional videos, articles, books, and resources where you can find more information and supporting evidence. Hope you find it useful.
Enterprise Security Risk Assessment
This PowerPoint file contains the slides from my presentation at Protective Security In Government in October 2020. You can find the conference and the video presentation at: https://psgconference.com
It takes a slightly different focus from my usual presentations on Enterprise Security Risk Assessments (ESRA) and Enterprise Security Risk Management (ESRM). Rather than focus on the tactical process of an actual assessment, I chose to cover an overview of the four processes of an ESRA:
I also wanted to answer the age-old question of (roughly) how much it costs to conduct an ESRA, whether using a consultant such as myself, in-house staff, or a combination thereof.
This is a presentation that I originally created some years ago. It is something of a precursor to the Risk Performance Benchmarking book but has some graphics and concepts that you might find useful.
Security Risk Management MasterClass 28 January 2020
These three presentations (PPTX on the left and PDF on the right) are the presentations from an SRM Masterclass that I ran in Singapore.
1. Update on SRMBOK and ISO31000
2. Security Risk Assessment
3. Career management