Insiders are legitimate, trusted individuals we rely on as part of our business activities.
Category: Risk
Information Security Risk Universe
In my previous post, I introduced the concept of a ‘Risk Universe’ which I flesh out in more detail here. A Risk Universe provides a comprehensive view of the possible risks we face to aid in categorisation but also to act as a check on the scope of our risk…
Unmitigated Surprise and Why Robust Risk Identification Matters
I have been rediscovering my security risk management roots recently and developing the components of a quantitative approach to security risk management. I am picking up the risk books I put down in 2008 when Cyber became the new brand for information security. At that time I became much more…
Estimating Probability
I have found that asking people to estimate the probability of a risk occurring as a percentage leads to them performing a pseudo-mathematical calculation in their head (System 2 thinking, I suspect), which often ends up with a fairly high probability being estimated, especially when compared to base rates. However,…
Homebrew Monte Carlo Simulations for Security Risk Analysis
I cannot say enough good things about Doug Hubbard’s work. I’ve been obsessed with How to Measure Anything and The Failure of Risk Management, so when he published How to Measure Anything in Cybersecurity Risk with Richard Seiersen I could not have been happier. The whole book is worth reading…