Posted December 1, 2016 by Jack Jones
In September 2016, I had an opportunity to give a presentation at this year’s (ISC)² Security Congress on measuring cloud-related risk using FAIR.
Posted October 28, 2016 by Isaiah McGowan
If you spend enough time around Jack Jones you will hear him exclaim: “70 to 90 percent of the things I encounter in Top 10 lists really aren’t risks”.
Posted September 20, 2016 by Isaiah McGowan
Posted September 7, 2016 by Chad Weinman
Why is risk not directly assessed when organizations consider moving systems or data to the cloud?
Posted June 28, 2016 by Chad Weinman
One form of analysis that risk analysts perform is the "emerging risk" assessment. These assessments are performed ad hoc, when there is a perceived change in the risk landscape. This change can take the form of a new threat community, new attack methods, recently identified vulnerabilities, etc.
Posted March 4, 2016 by Chad Weinman
A new monthly discussion format where the RiskLens team dives into a recently completed risk analysis.
Posted February 23, 2016 by Isaiah McGowan
The challenge of evaluating IT security initiatives
Business stakeholders are constantly evaluating security initiatives. These initiatives span the gamut from minor control changes to capital expense projects. For Fortune 500 organizations, that list of initiatives can number into the hundreds. Managing that book of work is no simple task; initiatives have to be prioritized based on perceived need, budget, changes in compliance landscapes, changes in the threat landscape, etc.
Posted February 12, 2016 by Isaiah McGowan
Posted February 3, 2016 by Isaiah McGowan
Here at RiskLens, one of our passions is quantifying (in dollars and cents) things that some say cannot be quantified. This is the third in a series of posts exploring examples of quantified risks.
What we covered so far
At the beginning of this series, we covered elements of quantification and explained who is involved in quantifying risk. We looked at the ROI of database tokenization and the ROI of encryption-at-rest. Both were clear-cut decisions. Next, we will discuss a multi-option ROI comparison.
Posted January 27, 2016 by Isaiah McGowan
Here at RiskLens, one of our passions is quantifying (in dollars and cents) things that some say cannot be quantified. This is the second in a series of posts exploring examples of quantified risks.