Posted May 2, 2017 by Cody Whelan
I just wrapped an engagement analyzing a bank’s top 10 risks with RiskLens, and the results were surprising: One of the risks the bank’s infosecurity team most feared turned out to be not much of a concern while another risk that was flying under their radar in fact had the potential to do them serious harm.
Posted April 5, 2017 by Isaiah McGowan
With budget tight, an IT services firm faced some difficult choices: which of two competing cybersecurity solutions would deliver the maximum defense for the bucks and – bigger picture – which way to go on their security strategy. The company called in a RiskLens team led by Senior Risk Consultant Isaiah McGowan.
Posted December 1, 2016 by Jack Jones
In September 2016, I had an opportunity to give a presentation at this year’s (ISC)² Security Congress on measuring cloud-related risk using FAIR.
Posted October 28, 2016 by Isaiah McGowan
If you spend enough time around Jack Jones you will hear him exclaim: “70 to 90 percent of the things I encounter in Top 10 lists really aren’t risks”.
Posted September 20, 2016 by Isaiah McGowan
Posted September 7, 2016 by Chad Weinman
Why is risk not directly assessed when organizations consider moving systems or data to the cloud?
Posted June 28, 2016 by Chad Weinman
One form of analysis that risk analysts perform is the "emerging risk" assessment. These assessments are performed ad hoc, when there is a perceived change in the risk landscape. This change can take the form of a new threat community, new attack methods, recently identified vulnerabilities, etc.
Posted March 4, 2016 by Chad Weinman
A new monthly discussion format where the RiskLens team dives into a recently completed risk analysis.
Posted February 23, 2016 by Isaiah McGowan
The challenge of evaluating IT security initiatives
Business stakeholders are constantly evaluating security initiatives. These initiatives span the gamut from minor control changes to capital expense projects. For Fortune 500 organizations, that list of initiatives can number into the hundreds. Managing that book of work is no simple task; initiatives have to be prioritized based on perceived need, budget, changes in compliance landscapes, changes in the threat landscape, etc.
Posted February 12, 2016 by Isaiah McGowan