What are we missing in risk?

I’ve recently been talking with some executives who bemoan the risk management in their organisations. They don’t trust the risks as they are presented and worry about putting their finite resources of money and time in the wrong places because of it. They worry that as soon as the analysts…

Through the barricades..

I was speaking with a peer recently about the value of bow-tie diagrams and how they allow you to separate controls from mitigations and it became obvious I was using these terms in a way that needed to be explained. Barrier model risk methods developed in the safety and reliability…

What are Information Assets?

Many methods for analysing Information Security Risks use the term assets, information assets or business assets interchangeably. This is a common foundation of Information Security risk analysis often providing a guide to the business impact of a risk being realised in particular systems that hold or access these assets. The…