RiskLens Blog

In a Top-10 Risks Analysis, Get These 2 Factors Right

Posted May 2, 2017 by Cody Whelan

I just wrapped an engagement analyzing a bank’s top 10 risks with RiskLens, and the results were surprising: One of the risks the bank’s infosecurity team most feared turned out to be not much of a concern while another risk that was flying under their radar in fact had the potential to do them serious harm.

Case Study: Which Cybersecurity Solution Delivers the ROI?

Posted April 5, 2017 by Isaiah McGowan

With budget tight, an IT services firm faced some difficult choices: which of two competing cybersecurity solutions would deliver the maximum defense for the bucks and – bigger picture – which way to go on their security strategy. The company called in a RiskLens team led by Senior Risk Consultant Isaiah McGowan.

Video Now Available: Quantifying Cloud Risk

Posted December 1, 2016 by Jack Jones

In September 2016, I had an opportunity to give a presentation at this year’s (ISC)² Security Congress on measuring cloud-related risk using FAIR.

Presenting The Top 10 Risks To The Board

Posted October 28, 2016 by Isaiah McGowan

If you spend enough time around Jack Jones you will hear him exclaim: “70 to 90 percent of the things I encounter in Top 10 lists really aren’t risks”.

Two Questions Every Risk Assessment Should Answer - Part 1

Posted September 20, 2016 by Isaiah McGowan

There is a theme to the questions executives ask about risk assessment results.

How To Make Risk Informed Decisions About Moving To The Cloud

Posted September 7, 2016 by Chad Weinman

Why is risk not directly assessed when organizations consider moving systems or data to the cloud? 

How Much Risk Is Associated With Ransomware?

Posted June 28, 2016 by Chad Weinman

One form of analysis that risk analysts perform is the "emerging risk" assessment. These assessments are performed ad hoc, when there is a perceived change in the risk landscape. This change can take the form of a new threat community, new attack methods, recently identified vulnerabilities, etc.

[PODCAST] Assessing The Risk Associated With IT Hygiene

Posted March 4, 2016 by Chad Weinman

A new monthly discussion format where the RiskLens team dives into a recently completed risk analysis.

Case Study: How to Evaluate Audit Findings

Posted February 23, 2016 by Isaiah McGowan

The challenge of evaluating IT security initiatives 

Business stakeholders are constantly evaluating security initiatives. These initiatives span the gamut from minor control changes to capital expense projects. For Fortune 500 organizations, that list of initiatives can number into the hundreds. Managing that book of work is no simple task; initiatives have to be prioritized based on perceived need, budget, changes in compliance landscapes, changes in the threat landscape, etc.

How Does Consumer Behavior Following A Credit Card Breach Affect Cybersecurity Risk?

Posted February 12, 2016 by Isaiah McGowan

Consumer behavior following a breach

A recent blog post by PCIGuru points us to a new study sponsored by the Merchant Acquirers’ Committee that seeks to understand how customers behave after a retail breach. PCIGuru cautions retailers against assuming that they can downplay credit card breaches. According to the study, a majority of shoppers return to transacting with the retailer within three to six months of a credit card breach.

In this article, I describe the results of a risk analysis I conducted to evaluate the impact of customer behavior following a credit card breach, in dollars and cents. The results are clear: retailers cannot assume that the loss exposure is excusable on the basis that "customers are likely to continue shopping regardless of a credit card breach".
