tagged 
compliance, metrics, models, risk
compliance, metrics, models, risk Entries in models (3)
Risk Is Better Than Uncertainty
Sunday, December 6, 2009 at 3:28PM The IT GRC field is in transition. Today we are dealing with UNCERTAINTY when we really, really want to be working with RISK because the management tools are so much better. However, there is a light at the end of the tunnel. The electronic medium that caused the situation should also help us solve the problem. We just need to keep collecting data, tracking the improvements produced through compliance, and creating new models and metrics.
Model? What Do You Mean?
Sunday, November 29, 2009 at 3:24PM We need to agree on what we mean when we use the word MODEL. Why? Because if we don't start at the base of our pyramid of understanding then we can each be going down different paths without ever knowing it. When we create IT Security risk metrics we need to be conscious of the models underpinning those metrics so that we can interpret them wisely.
Risk, Metrics, and Models
Saturday, November 28, 2009 at 2:17PM It is widely agreed that managing IT security risk requires security metrics. This seems to be where widespread agreement stops, however. If we are going to work through this phase of the maturing of IT security we must speak a common language derived from common conceptual frameworks.