Common sense talk about risk heat maps and more
My congratulations go to James Lam, a long-time risk practitioner at E*Trade, and Chris Inglis, board member at FedEx, for their comments in a recent article. The piece says:
- The current iteration of risk evaluation heat maps is akin to slow-to-pixelate Doppler radars. They don’t do cyber risk evaluation justice, nor do they convey impact in a thoughtful manner for a board of directors.
- “I’ve seen heat maps since the ’90s … and I still don’t know what to make of them.” Looking at a heat map, the board is left to question the placement of risk. “Heat maps are one of the worst things that happened to risk assessment,” said Lam. “If I look at something in yellow, should I want it in the green? … or do I want to get closer to orange or red if I can get a return on the risk?”
- Traditional color-coded risk assessments fail to quantify risk in a manner boards are prepared to understand.
- If someone asks for $5 million for multifactor authentication, the board won’t know how to respond.
- It’s a “breath-taking moment” when someone from IT can say they read the business plan during a board pitch.
Inglis says he wants his risk assessment team and cyber defense to be…