Skip to content
  • About
  • Resilience
  • Analytics
  • Architecture
  • Testing
  • Management
  • Risk
  • Other
A black swan

Black Swan Security

A blog about cybersecurity.

Tag: security risk

May 1, 2020April 1, 2022 Phil

Modern Security Risk Presentation

Risk, Security

I was recently asked to present in a remote session at the ISC2 Thames Valley Chapter on Modern Security Risk. I’ve not presented remotely like this before but while it was unusual not having the audience visible to see their reactions it seemed to go very well. There were a…

Read More
January 20, 2020April 1, 2022 Phil

What is Information Security Risk?

Risk

I am writing a series of posts describing Information Security Risk, from concepts to analysis and management. This is the first, what is Information Security Risk itself. Defining risk is a source of much debate from semantic to philosophical. What is clear is that risk refers to our uncertainty about…

Read More
August 6, 2019April 1, 2022 Phil

Information Security Risk Universe

Management, Risk

In my previous post, I introduced the concept of a ‘Risk Universe’ which I flesh out in more detail here. A Risk Universe provides a comprehensive view of the possible risks we face to aid in categorisation but also to act as a check on the scope of our risk…

Read More
July 16, 2019April 1, 2022 Phil

Unmitigated Surprise and Why Robust Risk Identification Matters

Management, Risk, Security

I have been rediscovering my security risk management roots recently and developing the components of a quantitative approach to security risk management. I am picking up the risk books I put down in 2008 when Cyber became the new brand for information security. At that time I became much more…

Read More

Recent Posts

  • What I’ve learnt writing cyber strategies with grand scopes
  • What do we protect in Cybersecurity?
  • Managing Identity Consciously
  • Why I don’t like PIGs in Security Risk
  • Security Folkways and Deliberate Security Culture
  • Homebrew Monte Carlo Simulations for Security Risk Analysis Part 2
  • Open Security Summit 2020
  • What are we missing in risk?
  • Commercial & Government Cyber Conversation
  • Through the barricades..
  • Modern Security Risk Presentation
  • What are Information Assets?
  • Dressing up security with Bow-Ties
  • Asset Management Measurement for Cyber
  • Triage in Supply-Chain Cyber Risk Management
  • Security on the Bottom Line
  • What is Likelihood?
  • What is Information Security Risk?
  • Serious Business?
  • Invest in the CIO, before the CISO

Tag Cloud

44con 27001 analytics architecture assurance big data board boardlevel ciso conference cyber cyber resilience cyber security cynefin data science engagement governance information security infosec leadership management measurement OODA pen testing principles protectivemonitoring regulation resilience resistance risk security security analytics security architecture zones trust securitymanagement security management security management cyber securitymonitoring security risk securitystrategy securitytest security testing strategy supply chain testing third-party

Meta

  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org

If you would like to ask a question or comment on anything I have written here please contact me via Twitter at @oracuk, if you can please link back to the post in question in your tweet.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 United States License.