The Risk Hose Podcast

Episode 21: A Call-In Show!

After a small hiatus, Alex, Chris and Jay reconvene to answer some questions left on the Risk Hose voicemail (218-248-RISK). For those wondering why episode 21 is being released before episode 20, we briefly cover that too.

Some topics covered in this episode:

1. Role of Internal Audit in 'risk management'
2. Rules of RISK
3. Capability maturity relative to size of organization

Keep the questions and voicemails coming! Enjoy the episode!

(download)

Episode 19: Talking Data, Talking Science

Ally Miller joins Alex, Jay and Chris for this episode to discuss the intersection of IT risk management, data and science, and the role of the 'data scientist'. Enjoy!

(download)

Episode 18: Converging Estimation

Jay, Chris and Alex are joined by Wendy Nather for this episode. Topics include 'convergence' and 'estimation'. Enjoy!

(download)

Episode 17: Jay Has a Brand New Bag

We recorded well over an hour of material, but most of that turned out to be outtakes. We start out with an announcement from Jay, slide into risk predictions, and end up with Art versus Science.

Note 1: One of our goals for 2012 is for Alex to get a new microphone - puh-lease.

(download)

Episode 16: Visualizing Bay Threat

Chris, Alex and Jay are joined by Allison Miller and still manage to wander from topic to topic. Alex had a red-hot visualization experience to share, Ally talks about BayThreat, and everyone talks about what is going right and what could be better in the field.

(download)

Episode 15: Chaps My 'Ass'essment

Chris, Alex and Jay are collectively in a bad mood and dig into "Six Myths of Risk Assessments." We answer a question from the twitters on sources of data, and Chris differentiates between a risk assessment, a controls assessment, a risk analysis and a risk measurement.

Six Myths of Risk Assessment:
http://www.computerweekly.com/blogs/david_lacey/2011/11/six_myths_of_risk_ass...

* Note * - CORRECTION: Around 37:00 Chris refers to COBIT; this should have been a reference to COSO, specifically the COSO Enterprise Risk Management - Integrated Framework.

* Note 2 - 12/4/2011 * - The original episode recording we uploaded was not complete. A complete recording has now been uploaded.

(download)


Episode 14: Feedback Loops

Chris, Jay and Alex are joined by Adam Shostack, and we dig into the topic of feedback loops within Information Security.

The Microsoft Security Intelligence Report is at http://bit.ly/tEPSpL
The Privacy Card Game is at http://bit.ly/roSR5l

(download)

Episode 13: Almost Talkin' Visualization

Jeff Lowder joins Alex and Jay on this episode. The conversation begins with the topic of risk visualization but quickly morphs into a discussion about risk appetite. Chris is absent this episode but is sure to have some follow-up comments about the risk appetite topic in a future episode. Enjoy!

(download)

Episode 12: IT Prioritization

Jay's Description: Chris keeps Alex and Jay on track for this episode as they talk about RSA Europe, SIRA bylaws and IT prioritization. Jay gets a little cranky, but it's okay because he edited it and made the conversation sound much better than it was.

Chris' Description: Chris is tasked with being the emcee of this episode since he is usually the "quiet" one. The main topics of this episode are:

- Star Trek theme music
- A 'shout out' to one of our favorite peeps
- Alex's RSA Europe trip
- SIRA bylaws
- Attempt #1 at IT prioritization
- An AHP (Analytic Hierarchy Process) debate / holy war
- Attempt #2 at IT prioritization


(download)

Snark factor in this episode: Low-Moderate

Distribution of content / participation in this episode:
Jay: 42.5%
Alex: 42.5%
Chris: 15%

Episode 11: ORM Goodness

In this episode, Alex, Chris and Jay catch up since the last recording. The main topics of discussion in this episode are:

- A really long intro.
- BruCON and OWASP AppSec North America 2011 conference recaps.
- Penetration Testing Execution Standard (PTES).
- A New Approach for Managing Operational Risk, a paper sponsored by the Society of Actuaries that was submitted to the Society of Information Risk Analysts (SIRA) mailing list in September of 2011.

(download)

Snark factor in this episode: Low to Moderate

Distribution of content / participation in this episode:
Jay: 50%
Alex: 40%
Chris: 10%