by Malte Spence | Feb 21, 2023 | Knowledge, Risk
The International Standards Organization recently published an updated version of their guidance for information security risk management, but they have missed the mark entirely on quantitative methods. What is ISO 27005? The ISO/IEC-27005 is one of the key standards...
by Malte Spence | Feb 14, 2023 | Knowledge, Risk, Security
An important step in any IT risk management process is to clearly define the information assets in scope. But what is an information asset really? How can you best describe your important information assets? And why is it so important to spend time on establishing a...
by Malte Spence | Jan 10, 2023 | Knowledge, Risk
Inherent risk… residual risk… current risk? When your risk manager or regulatory affairs asks about your “inherent risk”, it highlights a fundamental flaw in qualitative risk assessments. Here’s why – and how to fix it. Although most of us engage in some form of...
