Tag Archives: risk

Risk and Security Regional Community Forum

Posted on September 7, 2023 by Carmelo

Wipro/Edgile/ServiceNow me out to Silicon Valley to have a discussion on my project associated with my Vulnerability Governance program and we ended up being the headliner! It was pretty cool and I got to hang out with a coworker and … Continue reading

Posted in Security Blog | Tagged , , , , , , , , , , | Comments Off on Risk and Security Regional Community Forum

Updates to OpenFAIR

Posted on August 3, 2020 by Carmelo

There’s an update to OpenFAIR and here’s the video on it. The update includes adding the NIST CSF 5 Functions around the 15 minute mark.

Posted in Security Blog | Tagged , , , , , , , , , | Comments Off on Updates to OpenFAIR

#PhoenixES3

Posted on October 25, 2018 by Carmelo

I was part of a Panel to discuss Integrated Risk Management and Security Operations at the Optiv Enterprise Security Solutions Summit. It was a wonderful experience and I’d love to do it again.

Posted in Security Blog | Tagged , , , , , | Comments Off on #PhoenixES3

An Infographic to Implement an IT Governance, Risk, and Compliance Framework and a Risk Management Framework

Posted on July 3, 2018 by Carmelo

I built an Infographic to Implement an IT Governance, Risk, and Compliance Framework and a Risk Management Framework. I do hope everyone finds it useful. A good solid framework is a critical foundation to lay for managing risk in businesses … Continue reading

Posted in Security Blog | Tagged , , , , , , , , , , , , | Comments Off on An Infographic to Implement an IT Governance, Risk, and Compliance Framework and a Risk Management Framework

RSA Archer and GRC

Posted on April 17, 2018 by Carmelo

Yesterday I gave a presentation on RSA Archer and GRC at a lunch and learn. I got a lot of some lovely compliments. Topics were focused on Governance and Risk Frameworks, and processes.

Posted in Security Blog | Tagged , , , , , , | Comments Off on RSA Archer and GRC

Just Accept the Risk

Posted on July 13, 2017 by Carmelo

Lately, there is a lot of risk management in my life.

Posted in Security Blog | Tagged , , , , | Comments Off on Just Accept the Risk

Risky? I Too Like to Live Dangerously

Posted on March 27, 2017 by Carmelo

She said she was turned on by men who took risks . . .So he took the plastic off his iPhone screen. — 50 Nerds of Grey (@50NerdsofGrey) April 1, 2016

Posted in Security Blog | Tagged , , , | Comments Off on Risky? I Too Like to Live Dangerously

When Less Is More

Posted on March 23, 2017 by Carmelo

I had a slightly engaging discussion regarding the scoring of impact, with human life being one of the factors. (Think a negative event with the factors being reputation, financial, property, human life as part of the equation) What value do … Continue reading

Posted in Security Blog | Tagged , , | Comments Off on When Less Is More

What is GRC?

Posted on February 9, 2017 by Carmelo

Governance, Risk, and Compliance. A nice infographic.

Posted in Security Blog | Tagged , , , , | Comments Off on What is GRC?

Pragmatic Cyber Risk Quantification

Posted on January 30, 2017 by Carmelo

ISC2 presents Jack Jones, founder of FAIR. Quantitative risk analysis is achievable, can be pragmatic, and can actually out-perform qualitative risk analysis in the face of complex issues like intelligent adversaries. Join Jack Jones, the original author of the Factor … Continue reading

Posted in Security Blog | Tagged , , , , , , | Comments Off on Pragmatic Cyber Risk Quantification