Notes (alphabetical)
Search to quickly find notes, articles, guides, and resources across the site.
Search to quickly find notes, articles, guides, and resources across the site.
In the world of enterprise risk management, where objective analysis is essential, a silent threat can undermine even the most robust framework: confirmation bias. What is Confirmation Bias? Confirmation bias, the tendency to favour information that confirms pre-existing beliefs, can significantly impair risk identification, assessment and response. This bias can lead to a skewed perception of risk and its impacts, resulting in inadequate assumptions, mitigation strategies, and poor decision making and outcomes. ...
FAIR is a framework for threat modeling and a standard methodology for applying Value at Risk (VaR) principles to cybersecurity and operational risk. It promotes a consistent and measurable approach to analysing and quantifying risk. FAIR approaches risk from a quantitative rather than a qualitative perspective. Traditional risk management scales that use rank or order, for example Red-Amber-Green, High-Medium-Low, or Rated 1-5, as ordinal data are qualitative in nature. FAIR provides a more precise and objective way to assess risk by focusing on numerical data, enabling better-informed decision making, and a clearer understanding of the potential financial impact. ...
Information asymmetry in financial exchanges or transactions occurs when one party has more or better information than the other. This asymmetry can create an imbalance of power in transactions, potentially leading to an unfair exchange. A prime example in Western markets is insider dealing (or insider trading), where individuals with access to material non-public information (information that could affect the price of a company’s stock) exploit their knowledge advantage for personal gain. This practice is illegal because it violates securities laws. This illegality is rooted in the unethical nature of such actions, as it breaches fiduciary duty and creates an unfair advantage. Insider trading also contributes to market inefficiency by eroding trust in the market. ...
The Information Security Forum (ISF) is an independent organization dedicated to providing practical guidance, tools, and a collaborative platform to help organizations manage and mitigate information security risks. The ISF produce a number of proprietary tools and methodologies which are available to its members. Related pages Standard of Good Practice (SOGP)