Notes (alphabetical)
The HKMA (香港金融管理局) is Hong Kong’s central bank and banking regulator.
High-agency individuals take control of their lives, overcome obstacles, and actively shape their own paths. At first glance, INFPs, who are introspective, idealistic and emotionally driven, may not seem to fit this mould. They are often perceived, particularly by extroverts, as dreamers rather than doers. But this overlooks a distinctive strength: INFPs possess a form of agency that operates quietly yet powerfully, driven by conviction rather than brute force. ...
In the world of enterprise risk management, where objective analysis is essential, a silent threat can undermine even the most robust framework: confirmation bias. What is Confirmation Bias? Confirmation bias is the tendency to favour information that confirms pre-existing beliefs. It can significantly impair risk identification, assessment and response, skewing the perception of risk and its impacts and leading to flawed assumptions, inadequate mitigation strategies, and poor decisions and outcomes. ...
FAIR (Factor Analysis of Information Risk) is a framework for understanding, analysing and quantifying information risk, and a standard methodology for applying Value at Risk (VaR) principles to cybersecurity and operational risk. It promotes a consistent and measurable approach to analysing and quantifying risk. FAIR approaches risk from a quantitative rather than a qualitative perspective. Traditional risk management scales that rank or order risk, for example Red-Amber-Green, High-Medium-Low, or Rated 1-5, produce ordinal data and are qualitative in nature: the labels cannot meaningfully be added, multiplied or compared against a budget. FAIR instead expresses risk as a loss event frequency combined with a loss magnitude, both estimated as ranges, which gives a more precise and objective assessment, enables better-informed decision making, and provides a clearer understanding of the potential financial impact. ...
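To make the quantitative point concrete, the following Python is an added example written for this page; it is not code from the site or from the Open Group's FAIR standard. It carries the FAIR decomposition (loss event frequency times loss magnitude) through a Monte Carlo simulation to an annualised loss distribution and a loss-exceedance probability, which is the VaR-style output that an ordinal Red-Amber-Green rating cannot give. The scenario name and all three-point estimates are constructed for illustration, and the triangular distribution and Knuth Poisson sampler are simplifying choices made here, not prescribed by FAIR.

```python
"""Monte Carlo FAIR-style risk quantification using only the standard library.

Added example, not from the page or from the FAIR standard. Scenario inputs
are constructed, not measured. FAIR decomposes risk into Loss Event Frequency
(LEF, events per year) and Loss Magnitude (LM, cost per event); each factor is
given as a calibrated min / most-likely / max range and sampled, so the result
is a distribution of annual loss rather than a single ordinal label.
"""
import math
import random
from dataclasses import dataclass
from statistics import mean, median


@dataclass(frozen=True)
class Estimate:
    """Calibrated three-point estimate (min, most likely, max)."""
    low: float
    mode: float
    high: float

    def sample(self, rng: random.Random) -> float:
        # random.triangular takes (low, high, mode); a PERT/lognormal fit
        # would be the usual production choice, triangular keeps this stdlib-only.
        return rng.triangular(self.low, self.high, self.mode)


@dataclass(frozen=True)
class Scenario:
    name: str
    lef: Estimate             # loss events per year
    primary_loss: Estimate    # direct per-event cost (response, replacement, lost productivity)
    secondary_loss: Estimate  # per-event cost from secondary stakeholders (fines, churn, legal)


def _poisson(lam: float, rng: random.Random) -> int:
    """Knuth's algorithm; adequate for the small annual rates typical of risk scenarios."""
    threshold = math.exp(-lam)
    k, p = 0, 1.0
    while True:
        p *= rng.random()
        if p <= threshold:
            return k
        k += 1


def simulate_annual_loss(scenario: Scenario, trials: int = 10_000, seed: int = 42) -> list[float]:
    """Return one simulated annual loss per trial.

    Each trial draws an annual event rate from the LEF range, draws how many
    events actually occur that year from a Poisson with that rate, and sums an
    independently drawn loss magnitude for each event.
    """
    rng = random.Random(seed)
    losses = []
    for _ in range(trials):
        rate = scenario.lef.sample(rng)
        events = _poisson(rate, rng)
        total = 0.0
        for _ in range(events):
            total += scenario.primary_loss.sample(rng) + scenario.secondary_loss.sample(rng)
        losses.append(total)
    return losses


def percentile(values: list[float], q: float) -> float:
    """Nearest-rank percentile, q in [0, 100]."""
    ordered = sorted(values)
    idx = max(0, math.ceil(q / 100 * len(ordered)) - 1)
    return ordered[idx]


def exceedance_probability(losses: list[float], threshold: float) -> float:
    """Fraction of simulated years in which annual loss exceeds `threshold`."""
    return sum(1 for x in losses if x > threshold) / len(losses)


def summarise(losses: list[float]) -> dict[str, float]:
    """Expected annual loss plus the tail figures a VaR-style report quotes."""
    return {
        "expected_annual_loss": mean(losses),
        "median": median(losses),
        "var_95": percentile(losses, 95),
        "var_99": percentile(losses, 99),
        "max": max(losses),
    }


# Constructed scenario for illustration only; the figures are not real data.
PHISHING_BEC = Scenario(
    name="Business email compromise via credential phishing (constructed)",
    lef=Estimate(0.2, 1.0, 3.0),
    primary_loss=Estimate(20_000, 75_000, 250_000),
    secondary_loss=Estimate(0, 30_000, 400_000),
)

if __name__ == "__main__":
    annual = simulate_annual_loss(PHISHING_BEC)
    print(PHISHING_BEC.name)
    for label, value in summarise(annual).items():
        print(f"{label:>22}: {value:>14,.0f}")
    print(f"P(annual loss > 500k): {exceedance_probability(annual, 500_000):.1%}")
```

The useful output is the exceedance curve rather than the mean: `exceedance_probability` answers "how likely is it that this scenario costs us more than X this year", which is a question a board or a cyber-insurance underwriter can act on and an ordinal score cannot. Widening the input ranges to reflect genuine uncertainty fattens the tail rather than hiding it, which is the behaviour you want from a risk model.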
Information asymmetry in financial exchanges or transactions occurs when one party has more or better information than the other. This asymmetry can create an imbalance of power in transactions, potentially leading to an unfair exchange. A prime example in Western markets is insider dealing (or insider trading), where individuals with access to material non-public information (information that could affect the price of a company's stock) exploit their knowledge advantage for personal gain. The practice is illegal under securities laws, and that prohibition rests on its unethical nature: it breaches fiduciary duty and creates an unfair advantage. Insider trading also contributes to market inefficiency by eroding trust in the market. ...
The Information Security Forum (ISF) is an independent organisation dedicated to providing practical guidance, tools, and a collaborative platform to help organisations manage and mitigate information security risks. The ISF produces a number of proprietary tools and methodologies which are available to its members. Related pages Standard of Good Practice (SOGP)
Information security (IS) management involves the implementation of policies, procedures and controls to protect an organisation's information assets. Organisations typically achieve this through the adoption of one or more information security frameworks, such as ISO 27001 or the NIST Cybersecurity Framework. IS management is an increasingly important component of an organisation's overall risk management programme. Key functions and roles involved typically include security policy development, incident response and vulnerability management. ...
Further reading Infrastructure as Code scanning - Gitlab IaC Scanning: Definition, Processes, and Technologies - Crowdstrike Related pages Infrastructure as Code (IaC)
Further reading Infrastructure as Code Security Cheatsheet - owasp Related pages Infrastructure as Code scanning
Active from 2003 to 2023, the International Risk Governance Council (IRGC) was an independent non-profit foundation based in Switzerland whose mission was to improve the management of emerging and systemic risks that have, or could have, impacts on human and environmental health, the economy and society, and overall sustainability. IRGC website Further reading IRGC - Wikipedia
ISAE 3402 is an international standard that provides guidance on the preparation of assurance reports on the control environments of service organisations. ISAE 3402 reports are often used by technology companies, such as cloud and SaaS providers, as well as other business process outsourcing firms, to demonstrate to their customers that they have well-managed operations. The more widely recognised acronym for this type of report is 'SOC', originally standing for 'Service Organisation Controls' or, more recently, 'System and Organization Controls'. ...
Further reading Tool Suite - ISF Information Security Forum launches Aligned Tools Suite 2020 to help ensure compliance standards - Security Magazine
What is ISF IRAM2? IRAM2 (Information Risk Assessment Methodology version 2) is a structured methodology for assessing information risk, developed by the Information Security Forum (ISF), a membership organisation for security and risk professionals. IRAM2 is designed to help organisations identify, assess, and treat information risk using a consistent and scalable approach. It is a proprietary methodology available to ISF members. The methodology uses a six-phase process, consisting of Scoping, Business Impact Assessment, Threat Profiling, Vulnerability Assessment, Risk Evaluation, and Risk Treatment. ...