Risk Appetite: What Really Matters

When thinking about risk appetite, it might be a rewarding exercise to self-reflect a bit and think about where real risk for an organization will arise. If we really understand risk to be related to the likelihood and severity of bad outcomes an organization wishes to avoid, we should be thinking about how bad things in the technology risk universe can occur in a business context.

Innumerable research reports, including the recent Verizon Data Breach Report, show that the vast majority of attacks on organizations come from outside and not from within. The percentage of organizations that suffer from attacks by malicious insiders is small.

Read more: Risk Appetite: What Really Matters >


Why Words Are Critical for Good Cybersecurity

In June 2013, Handelsblatt, a German economic newspaper announced, “The sensation is perfect:  BASF CEO Kurt Bock is the new top speaker in the top-30 of the German DAX-companies.” Interestingly, Bock did not only displace last year’s winner as the most eloquent speaker but also managed a real shift from 18th place to 1st place in the Handelsblatt-Speaker-Ranking. Bock explained his rise, “Our shareholders are an important target group. Therefore, it comes to impart them convincingly how BASF stands, what the challenges are, what solutions we have, and how we develop the company strategically.” Therefore, he worked on his speech to become easy to understand and gained 7.4 points (out of 10 points maximum) for its comprehensibility.

Read more: Why Words Are Critical for Good Cybersecurity >


Analyzing Language to Improve Information Security

When I read that the ISACA Journal was devoting an issue to the language of information security, I felt compelled to contribute. Most of my adult life has been dedicated to the study of language in some way, beginning as an undergraduate English major. As a professional, I remain fascinated at the centrality of language to everything that we do; as an academic, I have studied language usage and effects. The technical aspects of language such as grammar, syntax and vocabulary are the structures that allow us to communicate with each other. At a more abstract level, language provides meaning through the narratives and stories we use to describe human experiences.

Read more: Analyzing Language to Improve Information Security >