RiskLens Blog

Rise of the Business-Savvy CISO [Infographic]

Posted May 26, 2017 by Jeff B. Copeland

Generally speaking, Chief Information Security Officers (CISOs) came up through the ranks of IT, corporate security or law enforcement, not the business management path. Now, CISOs have to evolve to think and speak like experienced business people. What's going on? This infographic outlines four forces coming together to push cybersecurity leaders out of their normal skillsets and comfort zones. 


Guarding the Galaxy Against Supervillains: A FAIR Risk Analysis

Posted May 23, 2017 by Tim Wynkoop

I frequently hear from clients that they'd like to perform a FAIR risk analysis on more than just information risk or cyber risk. They want to be able to perform more of an operational risk analysis. Thankfully, FAIR (that’s Factor Analysis of Information Risk, the model that powers RiskLens) is flexible enough that you can do just that. I have enlisted the help of my friends at Marvel to show how easy it is to perform a FAIR analysis on just about anything, including operational risk – just for fun, let’s say, on guarding the galaxy.


How I Analyzed the Top 10 Cybersecurity Risks for a Financial Institution (a Deep Dive)

Posted May 19, 2017 by Cody Whelan

For a few weeks now in blog posts, I’ve referenced the Top 10 cybersecurity risk analysis I conducted with RiskLens for a financial institution customer (see In a Top 10 Risks Analysis, Get These Two Factors Right). Now that anticipation is at a peak, I figured I would provide my overview, along with some key insights into each risk-analysis scenario.


A Better Way to Meet Trump’s Cybersecurity Order: Quantify Risk

Posted May 16, 2017 by Chris Bryant

It’s official: President Trump’s new Executive Order on cybersecurity has been signed, after versions circulated around the government and security community for months.


5 Questions Boards Should Ask About Cyber Risk [Infographic]

Posted May 11, 2017 by Jack Jones


There is growing concern that corporate boards and senior executives are not prepared to govern their organization’s exposure to cyber risk. While true to some degree, executive management can learn to identify and focus on the strategic and systemic sources of cyber risk, without becoming distracted by complex technology-related symptoms, by understanding the organization’s ability to make well-informed decisions about cyber risk and reliably execute those decisions.


Cyber Insurance: Smart Shopping When “Every Policy Is Different”

Posted May 10, 2017 by Jeff B. Copeland

Buying cyber insurance? Prepare to be confused by a marketplace too new to have standardized policies. Your best strategy is to get a firm grip on what your company has at risk, and read the fine print to find an insurance plan that meets your specific needs.


In a Top-10 Risks Analysis, Get These 2 Factors Right

Posted May 2, 2017 by Cody Whelan

I just wrapped an engagement analyzing a bank’s top 10 risks with RiskLens, and the results were surprising: One of the risks the bank’s infosecurity team most feared turned out to be not much of a concern while another risk that was flying under their radar in fact had the potential to do them serious harm.


What Does RiskLens Risk Reporting Tell Me?

Posted April 27, 2017 by Chelsea Brunson

RiskLens is great because it allows you to do cyber risk quantification in dollars-and-cents terms. 

To make things better, the workflow is easy:

How to Unscramble Your Risk Register with FAIR [Video]

Posted April 26, 2017 by Chad Weinman

The risk register: A manifesto for rallying your organization, pointing it in the right direction, and marching everybody toward effective risk management. Anyway, that’s the idea.


RiskLens Risk Quantification Platform To Integrate with RSA Archer's Risk Register

Posted April 25, 2017 by Bryan Smith

I'm pleased to announce that RiskLens, Inc., the leading provider of Cyber Risk Quantification (CRQ) solutions, is releasing an integration between our risk quantification platform and RSA Archer’s Risk Register. The integration enables risk information to be delivered in a language both technical and non-technical business executives can understand, the financial language of dollars and cents.

