What are we missing in risk?

I’ve recently been talking with some executives who bemoan the risk management in their organisations. They don’t trust the risks as they are presented and worry about putting their finite resources of money and time in the wrong places because of it. They worry that as soon as the analysts…

Through the barricades..

I was speaking with a peer recently about the value of bow-tie diagrams and how they allow you to separate controls from mitigations, and it became obvious I was using these terms in a way that needed to be explained. Barrier model risk methods developed in the safety and reliability…

What are Information Assets?

Many methods for analysing Information Security Risks use the terms assets, information assets and business assets interchangeably. This is a common foundation of Information Security risk analysis, often providing a guide to the business impact of a risk being realised in particular systems that hold or access these assets. The…

Dressing up security with Bow-Ties

Bow-Tie diagrams are a very useful way to visualise the components of security risks and a fantastic way to understand the relative importance of different controls and mitigations. A bow-tie diagram uses the risk scenario under consideration as the ‘knot’ of the tie with two trees either side, the left-hand…