Here are the highlights from the “Hacking the Risk Decision Making Process” video chat. To watch the full video and read the chat, go here.
This video chat features me, David Spark, and:
- Tony Sager, senior VP and chief evangelist, Center for Internet Security
- Marnie Wilking (@mhwilking), global head of security & technology risk management at Wayfair.
Winner of the best bad idea
We had a whopping 31 bad ideas this week, a new record for us. But this week’s bad idea prize goes to William Tulaba of Cognex Corporation with his incredibly creative idea that I honestly want to try: “Use a Who Wants To Be a Millionaire-style with risk decisions, even adding ‘phone a friend’”
Honorable mention for bad idea goes to previous winner Dutch Schwartz, AWS, who tweaked an idea from Rick Woodward of Dominion Energy to give us “All C-suite must vote on risk decisions. Simple majority wins. If there’s a tie, the chief marketing officer is the tie-breaker.”
And Rick Woodward, another previous winner, gets an honorable mention himself for this bad idea: “Require signatures from all C-suite personnel on all risk decisions.”
Last honorable mention to Richard Uhunmwagho, Emirates NBD, “Refresh your risk register annually, by deleting all risks on the last day of the year 31-Dec-2020 11:59:59pm and start again with a fresh template on Jan 1st.”
Best quotes from the chat room
“Pretty much every successful risk program starts in Excel as a Fisher Price version.” – Chase Pettet, Wikimedia Foundation
“IT & cyber are used to speak ‘riskish’ but the C-suite usually speak ‘money.’ Education means speaking in the same language, that leads to quicker decisions.” – Eli Migdal, Boardish
“Heavy regulations can give organizations a sense that meeting compliance is good enough in a ‘Father knows best’ kind of way. That mindset is hard to get over, especially when funding is involved.” – Rick Woodward, Dominion Energy
“There’s a bit of artistry involved in defining impact, likelihood and velocity of ‘cyber’ risks… but it can be done. And starting somewhere is better than doing nothing.” – Chris Zell, The Wendy’s Company
“I agree with @ELi. If regulations drive the conversation of risk with your board, then by all means, keep using regulation to drive your security risk program.” – Richard Uhunmwagho, Emirates NBD
Follow us on Crowdcast
For as long as we can handle it, our video chats will be happening every Friday at 10 AM Pacific/1 PM Eastern. Please follow us on Crowdcast to be alerted the moment a video chat goes live.