RiskLens Blog

Cody Whelan

Recent Posts

Case Study: Data Walking Out the Door. Data Masking Worth It?

Posted March 17, 2017 by Cody Whelan

The CISO knew he had a data leak but he didn’t know how big. He suspected data masking was the solution but he couldn’t make a business case for the investment. Those were the problems RiskLens Risk Consultant Cody Whelan and team set out to solve for this client. (No company names here; we respect our clients’ privacy.) 

Read Cody’s notes to pick up the story:

... Continue Reading

How to Get Better Risk Analysis Results by Focusing on Probability vs Possibility

Posted February 27, 2017 by Cody Whelan

Trench warfare on the risk analysis front

I am ashamed to admit it, but it’s happened to me before.

... Continue Reading

Assumptions Are A Powerful Thing

Posted February 16, 2017 by Cody Whelan

In my last post, I discussed the importance of scoping in risk analysis.

... Continue Reading

How To Scope A Risk Analysis Using FAIR

Posted January 27, 2017 by Cody Whelan

There is nothing finer than a well-constructed and thought-out risk scenario, bar none.

... Continue Reading

Demanding More of IRM: Risk Assessments

Posted January 10, 2017 by Cody Whelan

From GRC to IRM

A shift, or something of a rebranding, within the GRC space has been gathering steam over the past few months.

... Continue Reading

What Is The Right Kind of Quantification in Cyber Risk Management?

Posted November 11, 2016 by Cody Whelan

As part of our series on the newly proposed cyber risk management regulations for US banks, I wanted to piggyback off of the great insights my colleague Isaiah McGowan recently shared in a post, as well as bring to the forefront a concerning premonition that is based on past experience.

... Continue Reading

RiskLens Loss Tables: What They Are And Why We Love Them

Posted October 11, 2016 by Cody Whelan

What’s the same about a lost company cell phone, a web application attack and a database breach?

... Continue Reading

The Inherent Problems of Vendor Risk Assessments Without A Model

Posted October 3, 2016 by Cody Whelan

The vendor assessment teams we’ve had the opportunity to work with are great.

... Continue Reading

Risk Management Maturity: Not a One-size Fits All

Posted September 8, 2016 by Cody Whelan

Risk Management Maturity Goals

Risk Management maturity models seem to be prerequisites for almost any and every industry.

... Continue Reading

My Takeaways From NIST CSF & FAIR Blog Series

Posted August 11, 2016 by Cody Whelan

Jack Jones, the creator of FAIR, just finished putting together a fantastic five-part blog post series comparing and contrasting NIST CSF and FAIR.

... Continue Reading
