Making an investment in reliable systems can be difficult if the leadership can't put a price on the value of that reliability. By depicting the economics of recovery accurately, you can help clarify the problem and produce an accurate decision.
Automated vulnerability and configuration/hardening scanning can be a boon but can also go wrong in many ways. These are my recommendations.
A catalog of past projects is a document or collection of documents that lists and provides information about the various projects that have been completed - and importantly, those that failed.
Following fifteen years of high management turnover, the IT operations division of a financial institution faced multiple urgent matters. Normalizing change in a sustainable way became a priority.
Non-profits require processes monitoring the enterprise for loss, including missed opportunity. I have written a manual for doing so that avoids common pitfalls in risk management.
I wrote a manual on risk management for non-profits that makes optimal use of common organization structures and avoids common risk management mistakes.
The Investment Industry Association of Canada needed guidance for their member broker-dealers on evaluating vendor cyber security readiness. I co-authored that work.
Agile software delivery is about quick increments of software, while regulated environments like checks and controls. Reconciling them is the trick.
Don't treat people like they're expendable; treat them like you want to be treated, with respect and dignity.
Regulated industries cannot tolerate failed software releases. For a software vendor in a regulated industry, the challenge is to deliver new software with assurance.
A technology provider can get nowhere in a regulated industry despite having a great product if the clients lack trust. This is where a SOC-2 audit report can help.
A US-based multinational specializing in health information required a data anonymization process to replace a legacy system.
Instituting the ITIL functions of incident management and change management at a Japanese bank.
Application vulnerability fixes should be a no-brainer, right?
This guide on third-party risk was written to help control the range of risks that can arise from the outsourcing of core functions.
Peter Drucker was a prolific and talented business writer who has much to teach us about strategic risk.
Strategic risk management is a hard subject to grasp. These matters are so big it's a problem even understanding where to start.