Category: Enterprise Risk Management

Analysis of risk and the principles of mitigation using metrics and evidence rooted in causal analysis to protect and defend the enterprise.

Where will the NSA be in 5 to 10 years?

I’ve been thinking about how the structure of the intelligence community and specifically technical collection activities are understood. The departure of General Alexander and the current budget fights are policy fulcrum points that can be used for change. I have…

Thinking about risk: Active defense

If we can agree… (e.g. Ryan and Ryan heuristic). Then most policy, mechanisms, and effort has in the past been at decreasing vulnerabilities. FISMA, IAVA’s, patches, etc. are all part of the mitigation of vulnerabilities. They are not countermeasures. This was…