Welcome to the CXOWARE blog. We hope you’ll join us for lively and good-natured discussion about risk and risk issues! We’re risk geeks, plain and simple. We’re big advocates of the Factor Analysis of Information Risk (FAIR) framework for quantifying risk.

Gartner recognizes CXOWARE as a Cool Vendor for Risk Management 2015

07 April, 2015

Every year, Gartner recognizes three companies as “Cool Vendors in Risk Management” for their advancement in digital risk management software. This year, CXOWARE was recognized for its cyber risk quantification software, along with two other companies that cover other facets of risk management (Camms, Palerra).

In his written announcement, Gartner’s John A. Wheeler affirms that “what sets these vendors apart from others is their ability to provide answers to the following critical questions asked by our clients at Gartner:

Peak Performance with Quantitative Risk Analysis

18 March, 2015 Blog Posts

Finding efficiency when performing quantitative analyses

A successful and optimized risk analyst team should be looking for two traits: efficiency and consistency. But when it comes to quantitative risk analyses, many analysts believe the efficiency part is the most challenging trait to achieve.  We've found that there are two key areas of efficiency to focus on when doing a quantitative risk analysis: process and platform.


The Anthem Breach

09 February, 2015 FAIR, RiskCalibrator, CyberSecurity

We’re not ambulance chasers, but a formal cybersecurity risk assessment and analysis with the output expressed in loss-event-frequency and loss-magnitude would seem appropriate right now for Anthem given their recent breach. The unfortunate reality is that the event just happened (likely caused by compromised credentials from phishing attacks) and there will be a substantial cost to Anthem and the insurance carriers. This has brought visibility to the problem and now executives need to be better prepared for inevitable future events. Personal data and medical records are a lucrative target (with some estimates putting the value from $20 to $1000 per record). Factor Analysis of Information Risk and RiskCalibrator can bring clarity to future mitigation strategies.


World Economic Forum calls for Quantification of Cyber Threats

29 January, 2015 FAIR

The World Economic Forum released a paper last week, called "Partnering for Cyber Resilience Towards the Quantification of Cyber Threats". The paper can be read here on the WEF's site. From the paper:


Start off 2015 right and get FAIR trained

26 January, 2015 FAIR Training, Open Group

Start off 2015 right! Get FAIR trained and learn to quantify cyber security risk.


Jack Jones of CXOWARE to Examine “Risk Management Groundhog Day” at ISACA’s North America CACS Conference

20 January, 2015 News

Rolling Meadows, IL, USA (20 January 2015)—Jack Jones will discuss how to systemically manage control deficiencies at ISACA’s North America CACS conference 16-18 March 2015 in Orlando, Florida, USA. Attendees will gain guidance to face today’s IT audit and security challenges and stay ahead of trends on the horizon.

In his presentation, titled “Breaking Out of Risk Management Groundhog Day,” Jack Jones will discuss the factors that drive many organizations to experience the same risk management control deficiencies over and over again.


FAIR Triage Brings Risk Framework to Information Security Policy Exceptions

12 January, 2015 News

Risk managers enabled to do quick analysis for risk associated with IT and cybersecurity policy exceptions

SPOKANE, Wash., (TBD) – CXOWARE, a cybersecurity risk analysis solutions provider, today announced Factor Analysis of Information Risk (FAIR) Triage, part of the RiskCalibrator 2.0 solution. FAIR Triage has been developed to enable risk managers to rapidly evaluate common risk issues, such as security policy exceptions, audit findings, and technology proposals.


Fixing the RCSA - Free Webinar

18 December, 2014

Risk and Control Self-Assessments (RCSA’s) are often considered to be an important part of the risk management process, particularly in the financial industry.  Unfortunately, many RCSA’s suffer from one or more serious problems that can result in management being misinformed about risk.  In this session, Jack Jones will describe:


Fixing the Risk & Control Self-Assessment (RCSA) - Free Webinar

10 November, 2014 Featured, Blog Posts

Risk and Control Self-Assessments (RCSA’s) are often considered to be an important part of the risk management process, particularly in the financial industry. Unfortunately, many RCSA’s suffer from one or more serious problems that can result in management being misinformed about risk. In this session, Jack Jones will describe:


Risk Team + Threat Intel Team = Dream Team

01 October, 2014 Featured, Blog Posts

‘Threat’ is the big InfoSec word of 2014. Threat, threat intelligence, and threat profiling continue to be common themes palpable at every InfoSec conference this year. It seems like just recently we were talking about our new Red Team and now we’re already talking about the organization’s new Threat Intelligence unit. Understanding threats is not a new concept; however, this latest approach is increasingly valuable to organizations that understand the value proposition of InfoSec: our ability to estimate how often losses occur and how bad those losses are. (Hey, that’s why you’re reading this blog, right?)
