Welcome to the weekly post where I take the opportunity to expound on just about anything. Never fear, there is always a dedicated Infosec portion for those that don't care about anything else 
Here are a few links if you'd like to skip to a particular part of the post.
Thoughts
Infosec Stuffs
Non-Infosec Stuffs
Thoughts
"Any man may be in good spirits and good temper when he's well dressed. There ain't much credit in that."
~Charles Dickens
Infosec Stuffs
This week I am going to point you to a couple of PDFs that were brought to my attention via the Society of Information Risk Analysts. Both were suggested as good reading by Russel Thomas and I concur with his assessment.
Risk Visualization
How many of us have projects in flight or would like to get something put together into a dashboard format for our executives that effectively communicates information risk in our organizations?
How many have something, but would like it to be better?
The first paper I'd like to point you to is entitled Envision Risk (Pdf). The subtitle is "A Systematic Framework for Risk Visualization in Risk
Management and Communication" which pretty much explains what this paper is about, but don't take my word for it.
From the abstract:
Managing and communicating risks have become crucial tasks in today’s economy and society. Visualization – through its numerous cognitive and communicative advantages – can play an important role in comprehending and conveying risks. This report thus examines how graphic representations such as maps, charts, diagrams, and visual metaphors, can be applied to risk management by summarizing the current state-of-the-art in a conceptual framework that is illustrated with application examples.
Key Risk Indicators
The next PDF is about Key Risk Indicators (PDF). From the intro to the chapter:
In this chapter, we will seek to demystify KRIs, understand the basic fundamentals in identifying, specifying, selecting and implementing quality indicators, and consider how to monitor and report on them, in conjunction with other useful operational risk management information, to create powerful management reporting.
I have not have a chance to get into this one very deep yet, but when Russel and another good friend of mine, Chris Hayes, recommend it, it has to be worth reading. I do find the concept of KRIs intriguing.
Non-Infosec Stuffs
Sorry. No non-infosec stuff this week.
Closing
That's it for this week. I hope you found something that piqued your interest.
As always, comments welcome below or you can email me at kriggins@infosecramblings.com if you prefer.
If you are interested in getting my content regularly, go ahead and subscribe to my RSS feed. You can also subscribe to have posts emailed to you if you prefer.
-Kevin
