The heat maps are flying around

You bet, at the meeting. Post scheduled before the programme was announced, so let's see how many points we score…: ] Not The meeting. Because: And also the posts of recent times, including (this one, if you read carefully,) this one, this one and this one plus this one, should be fairly clear. And for those who further still …

Reading heat maps: this is how you do it

Yesterday there was the post about what is not wrong with risk heat maps. Truly an (apparently) clear piece; it received many hits and Likes. However, it turned out that some people actually opened the post and even browsed around in it. Judging by the responses, the post was evidently not yet entirely clear. The …

There is nothing wrong with risk heat maps …

In translation of David Vose’s blog posts, with permission: First, a few words in advance so that you are not startled …: This article uses irony. Just about every idea put forward here is complete and utter nonsense. This may be confronting, because what is set down here is a more or less exact record of what people actually …

When Actor meets Opportunity, fraud sparks may fly

Too bad the ‘fraud triangle’ endures… Despite having been torn; down or to pieces, or whatev’… and some handy pages helping you out. To see that when you use those words often, they may not mean what you think they mean … [anyone see the pleonasm in this page its title ..?] My take: 1. …

Your Cyberrrr… Portfolio ..?

Tinkering with the ideas for IRM/ORM to tackle the post heat map world. The one that emerges once all the ones out there take the truth seriously, which would lead to: And for the nay-(not…)sayers this post to illuminate the destructive cling-to-failure-mode thinking of many still, in RM. After which there is still tons of …

ICYMI; Risk Management Requires Quite Some Wider Perspective

Yeah, I’ve blogged about risk management quite a lot, lately. Most of the content was about RM1 versus RM2; the former being the day-to-day control over negative events through controls, so as to get to the Objectives set by … well, that follows below, and the latter, being about tornado charts on fishboning all-that-needs-to-go-well-to-make-this-a-success factors, …

RM with admitted-flawed models

In preparation for a post later this month, about the ‘usefulness’ of risk heat maps … Against the most basic of common sense, some people [most of the ones working in the areas where this should matter a lot, near life-or-death levels of a lot, e.g., banking supervision and compliance] still hold onto ‘heat maps’ …

The uncontrollable dynamics of controls

Further to yesterday’s post, here’s some sidelines on ‘control’s. Where typical ‘ORM’ would take risks one by one, and treat them all in the same fashion. Take one risk, see what you can do qua preventative controls, and then .. a long time of bickering and arguing until some arm twisting leads to hap-hazard (sic) …

The uncertain timing of your hack(ed)

On the one hand there’s the discussions regarding the oh so much needed renewal of ‘risk management’. Trying to drop the ‘heat map’ nonsense and the 3LoD sameness. On the other, there’s infosec trying to first get rid of all the ‘cyber’ bs (#ditchcyber) and second trying to achieve something against all grains. On the …