
Going Beyond Qualitative, Compliance-based Approaches to Information Security

by Nicola (Nick) Sanna on May 25, 2015 1:51:00 PM

Most organizations do not have common methods in place to quantify and manage cyber risk from the business perspective.

  • IT-centric perspectives: boards and business executives rely heavily on IT security professionals to make decisions pertaining to cyber risk
  • Broken communication: in the absence of a common language, the discussions among all stakeholders end up being either overly technical or very generic
  • Qualitative assessments: in both scenarios, it is difficult to assess the level of cyber risk exposure from the business perspective other than in broad qualitative strokes... or not at all

Some companies have their IT security professionals use GRC solutions with the goal of managing risk, but most of these solutions' functions are meant to help meet minimum regulatory compliance, not to quantify the actual cyber risk associated with key assets and business processes.

Consider adopting new cyber risk quantification approaches that will help you improve communication and decision-making among all stakeholders and optimize your security investments.

This post was written by Nicola (Nick) Sanna

Nicola (Nick) Sanna is the Chief Executive Officer of RiskLens
