Cyber Risk Illiteracy – 2 – Bald Tire

by | Feb 5, 2024

The illiterate of the future will not be the person who cannot read. It will be the person who does not know how to learn.

—Alvin Toffler[i]

It’s not too late to learn. Don’t be the person who does not know how to learn.

Last week, I wrote a blog post and a LinkedIn article about cyber risk illiteracy. I wrote about the ongoing misunderstanding of basic risk terminology such as assets, threats, vulnerabilities, cybersecurity frameworks, processes, and maturity models. The list goes on.

In this 10-minute video clip, I cover some basic terminology based on the Bald Tire white paper written by Jack Jones several years ago. It serves as a great learning tool.[ii] As I mentioned in the introduction, if viewing this brief clip makes you angry, blame me. If you like it, thank Jack Jones!

https://youtu.be/KILrQ3MTDg8?si=bkQKbyEyiC2i3cKs

If, after viewing the video clip, you would like to learn more, in Appendix D of Enterprise Cyber Risk Management as a Value Creator, I define 25 essential terms that will help you build your ECRM glossary.

Questions Management and the Board Should Ask and Discuss

  1. Can your CISO and his/her team explain the difference between risks, threats, and vulnerabilities?
  2. Have your organization’s C-suite and board discussed and agreed upon a standard set of definitions related to cyber risk and cyber risk management?
  3. Have these definitions been documented in your organization’s ECRM strategy and framework documents and communicated via ECRM training?
  4. Do you believe your organization has already conducted, or is currently conducting, ongoing, rigorous, comprehensive, enterprisewide risk analysis that would meet your regulatory requirements?
  5. At the most basic level, does your organization understand that risk exists when and only when there is an asset, a specific threat, and a particular vulnerability?
  6. Has your organization produced an enterprisewide risk register?
  7. As C-suite executives and board members, have you discussed, debated, and established your cyber risk appetite?

Endnotes

[i] BrainyQuote. “The illiterate of the future will not be the person who cannot read. It will be the person who does not know how to learn.” (n.d.) Accessed February 5, 2024. Available at https://www.brainyquote.com/quotes/alvin_toffler_409080

[ii] Jones, Jack. Fair Institute White Paper. “Bald Tire.” July 2, 2015. Accessed February 4, 2024. Available at https://www.fairinstitute.org/white-papers-bald-tire
