Risk 2/4

2 min read

Digital technology and software for risk management

Digital technologies can be a powerful tool for organizations to identify, assess, and control risks. These technologies can help...

6 min read

Risk Management for the Modern Business: A Comprehensive Guide to Enterprise Risk Assessment

You have a lot on your plate as a CEO or senior executive. Numerous factors, from staying competitive to attracting and retaining top...

4 min read

The implications of the reproducibility crisis for risk management

The COVID-19 pandemic has accelerated several emerging trends, including: The widespread adoption of remote work, or working from home,...

5 min read

How to implement ISO31000 Risk Management Standard

Understanding, let alone managing risk, can often feel like hanging on by your fingertips. But it doesn't have to be that way. By...

4 min read

Peter Drucker was wrong

"What gets measured gets managed." - Peter Drucker [1] Like many cliches, "what gets measured gets managed" is correct enough to be...

7 min read

What's wrong with quantitative risk assessment?

Quantitative risk assessment (QRA) is a practical approach for evaluating and analyzing risk. Some proponents of QRA argue that it is the...

3 min read

Existential Risk as a Process

In Ernest Hemingway’s novel The Sun Also Rises, a passage in which a character named Mike is asked how he went bankrupt. “Two ways,” he...

6 min read

Some risk(y) thoughts

Let's start with the three most common errors when doing a risk assessment: Inadequate risk identification. Will the real risk please...

6 min read

Risk Management for Executives and Company Directors

I have put all my intelligence and effort into some beautifully crafted risk assessments over my years as a practitioner and I've been...

14 min read

The Psychology of Risk

“There is no dearth of evidence in everyday life that people apprehend reality in two fundamentally different ways, one variously...

2 min read

How to operationalize risk management

TL;DR: It's about culture. If you have to 'operationalize' risk management, whatever you're doing isn't risk management. Risk management...

2 min read

(ISC)2 Black Swan Extinction Presentation

I've just finished giving a presentation at the ISC2 2021 Security Congress and several people asked for a copy of the slides. I hope...

3 min read

How to find a risk management consultant

The search for the elusive subject matter expert - how to find a risk management consultant when you need one.

2 min read

How to find money for risk treatments

We all want better risk management but how do you convince people to pay for it? That question turned into a book and series of articles.

10 min read

What is the problem with Enterprise Risk Management (ERM)?

I've written about my version of what a fully featured enterprise risk management (ERM) system should, or at least could, look like....

6 min read

Three Steps To Deal With Uncertainty Without Killing Yourself In The Process

In 30 years of crisis management I can distill the success factors down to three things. Scenarios, lead indicators, and Plan Bs.

4 min read

How To Use A Risk Matrix

If you want to (or have to) use a risk matrix, here are some pitfalls to minimize the problems and maximize the benefits.

2 min read

The future of enterprise and risk management?

Imagine a system that monitors inputs, processes and outputs, tracking culture, and organizational behaviors.

6 min read

Risk BowTie Method

Bow-Tie is one of the simplest but most helpful risk management tools in the risk management arsenal. And it's highly visual.

3 min read

How to measure ALARP

ALARP (As Low As Reasonably Practicable) is a fundamental concept in risk management, as it should be in life in general. It expresses...

JULIAN TALBOT