Search results for “CRISC”

CRISC – The Bottom Line (oh yeah, Happy New Year!)

by alex on January 2, 2011

No doubt my “Why I Don’t Like CRISC” blog post has created a ton of traffic and comments.  Unfortunately, I’m not a very good writer because the majority of readers miss the point.  Let me try again more succinctly: Just (…)


A Letter from Sid CRISC – ious

by alex on October 25, 2010

In the comments to “Why I Don’t Like CRISC” where I challenge ISACA to show us in valid scale and in publicly available models, the risk reduction of COBIT adoption, reader Sid starts to get it, but then kinda devolves (…)


Don’t fight the zeitgeist, CRISC Edition

by Chandler on September 14, 2010

Some guy recently posted a strangely self-defeating link/troll/flame in an attempt to (I think) argue with Alex and/or myself regarding the relevance or lack thereof of ISACA’s CRISC certification.  Now given that I think he might have been doing it (…)


ISACA CRISC – A Faith-Based Initiative? Or, I Didn’t Expect The Spanish Inquisition

by alex on July 2, 2010

In comments to my “Why I Don’t Like CRISC” article, Oliver writes: CobIT allows to segregate what is called IT in analysable parts.  Different Risk models apply to those parts. e.g. Information Security, Architecture, Project management. In certain areas the (…)


CRISC? C-Whatever

by Chandler on June 24, 2010

Alex’s posts on CRISC are, according to Google, more authoritative than the CRISC site itself: Not that it matters.  CRISC is proving itself irrelevant by failing to make anyone care.  By way of comparison, I googled a (…)


CRISC -O

by alex on June 24, 2010

PREFACE:  You might interpret this blog post as being negative about risk management here, dear readers.  Don’t. This isn’t a diatribe against IRM, only why “certification” around information risk is a really, really silly idea. Apparently, my blog about why (…)


Why I Don’t Like CRISC, Day Two

by alex on January 20, 2010

Yesterday, I offered up a little challenge to suggest that we aren’t ready for a certification around understanding information risk.  Today I want to mention why I think this CRISCy stuff is dangerous. What if how we’re approaching the subject (…)


Why I Don’t Like CRISC

by alex on January 19, 2010

Recently, ISACA announced the CRISC certification.  There are many reasons I don’t like this, but to avoid ranting and in the interest of getting to the point, I’ll start with the main reason I’m uneasy about the CRISC certification: We’re (…)


Actually It *IS* Too Early For Fukushima Hindsight

by alex on March 22, 2011

OR – RISK ANALYSIS POST-INCIDENT, HOW TO DO IT RIGHT Rob Graham called me out on something I retweeted here (seriously, who calls someone out on a retweet?  Who does that?): http://erratasec.blogspot.com/2011/03/fukushima-too-soon-for-hindsight.html And that’s cool, I’m a big boy, I (…)


RiskIT – Does ISACA Suffer From Dunning-Kruger?

by alex on June 25, 2010

Just to pile on a bit…. You ever hear someone say something, and all of a sudden you realize that you’ve been trying to say exactly that, in exactly that manner, but hadn’t been so succinct or elegant at it? (…)
