Gartner Blog Network

Tag: 'risk' Blog Posts

from the Gartner Blog Network

What Is In Your GRC "Junk Drawer"?

by John Wheeler  |  March 3, 2015

Everyone has one. Somewhere in their kitchen or garage is the infamous "junk drawer". Over time, the drawer fills up with gadgets, tools, scraps of paper with to do lists...

Read more »

Things That Aren't Risk Assessments

by Ben Tomhave  |  July 24, 2014

In my ongoing battle against the misuse of the term "risk," I wanted to spend a little time here pontificating on various activities that ARE NOT "risk assessments." We all...

Read more »

Imperial Insight: Naked Emperor 95% exposed in fact if not in theory

by Nick Ingelbrecht  |  May 20, 2014

The fable of the emperor’s new clothes came to mind this week with the news that academics from Imperial College, London, have worked out how to convert light into matter,...

Read more »

How to Get a Risk Aware Culture and Do It Today

by French Caldwell  |  May 8, 2014

[caption id="attachment_901" align="aligncenter" width="620"] Photo: Planet Killing Asteroid - Los Alamos National Laboratory[/caption] A giant planet killing asteroid helps.  Short of that, perhaps losing millions of your customers over a...

Read more »

Fatal Exception Error: The Risk Register

by Ben Tomhave  |  March 7, 2014

I read this article a few weeks ago and set it aside to revisit. In it, the author states that "Risk management used to be someone else's job." and then...

Read more »

New Research on IT Risk Assessment and Analysis Methods

by Ben Tomhave  |  February 3, 2014

I'm pleased to announce that our new paper, "Comparing Methodologies for IT Risk Assessment and Analysis," is now available to Gartner for Technical Professionals subscribers! This research represents a few...

Read more »

Q4 Challenge: Drop "Risk," Be More Precise

by Ben Tomhave  |  October 2, 2013

I've decided to try something a little different. Near the beginning of each quarter I'm going to issue a challenge to everyone (colleagues, clients, vendors, etc.) in order to see...

Read more »

Missing the Point, Over and Over and Over Again

by Ben Tomhave  |  September 24, 2013

I saw a quaint marketing message from a security vendor recently that made a call for "back to basics." This is a somewhat intriguing piece of advice to give, considering...

Read more »

AuthN TNG: Many Factors, Confidence, and Risk Scoring

by Ben Tomhave  |  September 12, 2013

Caveat: I'm part of the Security and Risk Management Strategies (SRMS) team, and not part of Identity and Privacy Strategies (IdPS). Also, fair warning... this is an incomplete thought and...

Read more »

All the World's a Cloud

by Ben Tomhave  |  July 23, 2013

No, not really. But it could be. Consider, if you will, the five essential characteristics of cloud computing (via SP800-145, as well as the CSA Security Guide): On-demand self-service Broad...

Read more »