In comments to my “Why I Don’t Like CRISC” article, Oliver writes: CobIT allows to segregate what is called IT in analysable parts. Different Risk models apply to those parts. e.g. Information Security, Architecture, Project management. In certain areas the risk models are more mature (Infosec / Project Management) and in certain they are not [...]
Filed under: Science of Risk Management by alex on Friday, July 2, 2010 | Social tagging: CRISC > risk > risk analysis > risk management > risk modeling > risk science
Using a dish full of marshmallows. We’re doing this with my oldest kids, and while I was reading up on it, I had to laugh out loud at the following: …now you have what you need to measure the speed of light. You just need to know a very fundamental equation of physics: Speed of [...]
Filed under: Amusements, measurement, metrics by alex on Monday, June 21, 2010 | Social tagging: measurement > metrics > risk analysis
A methodology is presented for guiding individual policy decisions from a risk management perspective, using a form of “abduction validation”. An example is presented using the case of password change policy, drawing from recent blog discussions.
Filed under: Science of Risk Management by Russell on Saturday, December 5, 2009 | Social tagging: passwords > risk analysis > risk management > security policy