Risk Appetite: What Really Matters


When thinking about risk appetite, it might be a rewarding exercise to self-reflect a bit and think about where real risk for an organization will arise. If we really understand risk to be related to the likelihood and severity of bad outcomes an organization wishes to avoid, we should be thinking about how bad things in the technology risk universe can occur in a business context.

Innumerable research reports, including the recent Verizon Data Breach Report, show that the vast majority of attacks on organizations come from outside and not from within. The percentage of organizations that suffer from attacks by malicious insiders is small.



Why Words Are Critical for Good Cybersecurity


In June 2013, Handelsblatt, a German economic newspaper, announced, “The sensation is perfect: BASF CEO Kurt Bock is the new top speaker in the top-30 of the German DAX-companies.” Interestingly, Bock not only displaced last year’s winner as the most eloquent speaker but also managed a real shift from 18th place to 1st place in the Handelsblatt-Speaker-Ranking. Bock explained his rise, “Our shareholders are an important target group. Therefore, it comes to impart them convincingly how BASF stands, what the challenges are, what solutions we have, and how we develop the company strategically.” Therefore, he worked on making his speech easy to understand, and it gained 7.4 points (out of 10 points maximum) for its comprehensibility.



Analyzing Language to Improve Information Security


When I read that the ISACA Journal was devoting an issue to the language of information security, I felt compelled to contribute. Most of my adult life has been dedicated to the study of language in some way, beginning as an undergraduate English major. As a professional, I remain fascinated at the centrality of language to everything that we do; as an academic, I have studied language usage and effects. The technical aspects of language such as grammar, syntax and vocabulary are the structures that allow us to communicate with each other. At a more abstract level, language provides meaning through the narratives and stories we use to describe human experiences.




ISACA offers exam training courses for those who want to hold the CISA title. CISA is a globally recognized certificate for IS audit control. It demonstrates that you have the required experience, skills and knowledge to detect security risks and perform reliable audits.



As a CISM, you are able to analyze information security independently. ISACA provides an exam training course for CISM that offers room both for brushing up on knowledge and for concrete practice exercises for the exam.
