Saved by Chad Hudson
Beyond Controls: The Power of Risk Scenarios
The risk-based approach to cybersecurity is thus ultimately interactive—a dynamic tool to support strategic decision making. Focused on business value, utilizing a common language among the interested parties, and directly linking enterprise risks to controls, the approach helps translate executive decisions about risk reduction into control implem
... See moreJim Boehm • The Risk-Based Approach to Cybersecurity
In reality, risk is neither mathematical nor finite. Its impact depends to a great extent on how we perceive, process, and respond.
Stanley McChrystal • Risk
Scenarios are thus the most powerful vehicles I know for challenging our “mental models” about the world, and lifting the “blinders” that limit our creativity and resourcefulness.
Peter Schwartz • The Art of the Long View
When you've created this kind of culture, management expectations are rooted in reality, where everyone considers their effect on the organization's security posture, and CISOs aren't faced with surprises, resistance, and friction that make them want to quit. If you advocate with the clarity that most cannot find in cybersecurity, you will achieve
... See moreDark Reading • Rethinking Cybersecurity's Structure & the Role of the Modern CISO
the idea here is not to eliminate risk—risk-free projects tend to be incremental. Instead, the goal is to name, quantify, and work steadily to chip away at risk. As a corollary, when presenting an idea for a new project or startup company, be candid about risk—it has the paradoxical effect of making your case more convincing.