Changing habits and mindsets take time and persistence. Especially within IT risk management. Again and again, we at ACI meet tonnes of objections to changing behaviour despite witnessing the benefits of moving from qualitative to quantitative. So, I felt...
Communication is difficult, also when it comes to the risk of cyberattacks. The board and management need a clear basis for decision-making, but the communication needs to improve because it is often too technical or too high-level and abstract. Both cases are useless...
A skilled offshore engineer with whom I collaborated gave me a very concrete example of the application of risk appetite. The height of a drilling platform is set according to legislation and standards but also according to the company's risk appetite. How big a wave...
If you are an IT expert and are asked to estimate, you may have experienced the frustration of having to estimate based on poorly formulated scenarios. If you are a risk manager and have had to build a risk register, you may also have experienced that it can be tiring...
When speaking about future events, it's inherently subject to uncertainty. A risk assessment tries to understand future loss events and is therefore also subject to uncertainty. The less history or fewer measurements, the greater the uncertainty. How can one predict...