Wonder Woman — “Reasonable Assurance” and Cybersecurity


One of my good friends, Brian Barnier[1], has written an interesting piece on cybersecurity targeted at internal auditors but also relevant for other practitioners. Brian is one of the smartest people I know (I am lucky to know and learn from so many) and an expert on technology and financial management. He is also the author of a couple of risk management books.

His article, which I show in its entirety below, suggests that we need to use “design thinking” to assess whether an organization’s cybersecurity meets its needs.

Brian doesn’t tackle the question of whether you assess cyber based on risk to information assets (NIST, ISO, and FAIR) or risk to the achievement of business objectives (Marks, et al).

But I recommend reading and considering his point of view.

I welcome your comments. You can also contact Brian directly (click here for his LinkedIn profile).


=====================================================================================

Wonder Woman — “Reasonable Assurance” and Cybersecurity

Brian Barnier & Prachee Kale

An award-winning film director and her CISO sister are enjoying dinner al fresco. Savoring wine under glowing fairy lights, they compare professional notes …

“Paula, every conversation about your cyber stuff grows my world beyond the art, logistics and risk…
