When I first released SimpleRisk as a free and open source risk management tool at the BSides Austin conference...
BLOG
Original SimpleRisk content to help you be successful with your Governance, Risk Management and Compliance program.
How to Use Standards to Assess Your Organization's Cybersecurity Maturity (by SimpleRisk)
On March 29, 2019, Alex Polimeni and I presented at the BSides Austin conference on some of the work we've ...
GRC is Dead, Long Live GRC!
Recently, a friend sent me a blog post by John A. Wheeler of Gartner entitled "What Ever Happened to GRC?". In ...
Should Vulnerabilities and Risks be Managed in the Same Place?
While the distinctions between vulnerabilities versus risks has been widely documented in various forums, we ...
Pricing Integrity and Why We Won't Play the Pricing Games
Before starting SimpleRisk, I sat in the CISO chair, on the other side of the negotiating table. I learned the tricks ...
Why Management Doesn't Understand Your Security Woes
Has the number of security issues you deal with on a routine basis ever made you feel a bit like Atlas carrying the ...
What do Role Playing and Risk Management have in common?
A couple of weeks ago I participated in a CISO Summit with a focus on the topics of Security Visibility and Incident ...
How Does an Asset's Value Affect Your Risk?
Any CISSP will tell you that the way to calculate risk is by taking the likelihood and multiplying it by the impact...
The Origin of SimpleRisk - A Founder's Story
Every comic book superhero has a story behind them describing how they overcame some form of adversity in ...
