risk
Imported tag from Readwise
No one grows up saying I want to do the same thing everyone else is doing. And yet there is a comfort to surrounding yourself with people who agree with you, or who are doing the same thing you’re doing.
This has been bouncing around in my head for quite some time, more around business and the “what are our competitors doing” kind of sense, but similar. I keep thinking about all moms asking the question, “if little Johnny jumped off the bridge, would you?” It’s funny how we are confronted with this idea early in life, but still fall in line.
I have also read a few different business books and articles talking about senior leadership and taking risks to go against the grain, which they implied is ill-advised. On one hand, it makes sense if long-term revenue generation is working. But what about innovation? Avoiding escalation of commitment and changing bad practices? Is it risky? Sure. But is the alternative to just say “yes” and go with the flow?
Asset Vulnerability : Identifying vulnerabilities within these assets is the next step. Vulnerabilities can be technical (e.g., unpatched software) or human-related (e.g., suboptimal configuration). Individual vulnerabilities will also have different outcomes and widely varying likelihoods of real-world exploitation. Does successful exploitation
In fact, the outbreak starting in Chicago was the scenario for a series of exercises called Crimson Contagion that the Department of Health and Human Services (HHS) convened in 2019 to test the United States’ capacity to respond to a severe pandemic. Its results were as alarming as they were conclusive: our nation was woefully underprepared.
The truth is that in today’s hyperconnected world, maturity-based cybersecurity programs are no longer adequate for combatting cyberrisks. A more strategic, risk-based approach is imperative for effective and efficient risk management (Exhibit 2).
Mostly, they seek out vulnerabilities, detect attacks, and eliminate compromises. Of course, the size of the attack surface and the sheer volume of vulnerabilities, attacks, and compromises means organizations must make tough choices; not everything gets fixed, stopped, recovered, and so forth. There will need to be some form of acceptable
Scenarios are an underappreciated way to model infosec risk. A scenario is simply a future, consequential event you write to express a risk you’re concerned about. I’ve found that scenarios are flexible, creative, powerful, and rich with neat features. A good risk scenario focuses groups on their work… so writing them well is a craft that makes
Michele Wucker introduced the term Gray Rhino to describe events we should all see coming but overlook because we don’t take them seriously enough. A Gray Rhino is a highly probable, high-impact, yet neglected threat.
A single control can mitigate many scenarios. This is why control-based approaches are often so portable and valuable from company to company. Controls can appear in contracts, are easily auditable, and make explainable security products. That’s why control-based approaches are so popular. When a fundamental control is missing, it is probably a