RiskLens Blog

2 Tips for Smarter, Faster Risk Analysis

Posted September 22, 2017 by Cody Whelan

A common concern I hear from new RiskLens customers starting with cyber risk quantification, along with some executives of our existing customer base, is that the risk analysis process, more specifically data gathering, takes too long and is too burdensome on their resources.

Three Reasons NOT to Build a FAIR Spreadsheet

Posted September 21, 2017 by Chris Bryant

Ever since the FAIR model was selected by The Open Group in 2013 as their standard model for quantifying information risk, risk professionals have been looking for ways to apply it practically. Users cherish the principles upon which FAIR is based:

Too Many CISOs and Technology Risk Executives Miss the Big Picture

Posted September 15, 2017 by Steve Tabacek

A Forbes online article makes the observation “When CEOs Talk Strategy, 70% of the Company Doesn’t Get It.” The article goes on to say that even in high-performing companies with “clearly articulated public strategies,” only 30% of employees can correctly identify their company’s strategy.

Understanding “Secondary Loss”, the Price of a Data Breach

Posted September 13, 2017 by Rebecca Merritt

We’re big fans of the FAIR model that powers the RiskLens platform because it’s a tool for running down every little corner of potential threats and losses to arrive at as accurate an estimate of risk as possible. It’s also a model of clear thinking – you can pretty much look at this diagram below and understand how we analyze risk.

The Equifax Data Breach: Lessons to Learn

Posted September 11, 2017 by Jeff B. Copeland

The massive exfiltration of data from Equifax—Social Security numbers and more vital information on perhaps 143 million persons—serves a chilling notice.

Win the Infosec Budget Cycle: A Short Guide for CISOs

Posted September 7, 2017 by Steve Tabacek

For many of our customers, the end of summer also brings the annual task of securing the next fiscal year’s budget.

Admit It. You Don't Really Measure Your Cybersecurity ROI

Posted September 5, 2017 by Leanne Scott

Back when I was in a mentorship program and learning how the upper echelons of my company worked, I learned about the Information Technology budgeting process. It was a hoot.

The FAIR Model Explained in 90 Seconds

Posted September 1, 2017 by Paige Pilarski

How do you eat an elephant? One bite at a time. You’ve probably heard this joke before about solving complex problems. It relates to risk, too.

In Vendor Risk Assessment, All “High Risks” Are Not Created Equal

Posted August 30, 2017 by Teresa Suarez

During a client engagement, I listened to two experienced information security risk professionals lament about the results of a recent vendor risk assessment survey. The results indicated several “High Risk” vendors that needed attention. However, they couldn’t distinguish which “High Risk” vendors posed the most pressing or biggest threats to the company.

Disaster Planning: Put Numbers on Your Risk

Posted August 29, 2017 by Jeff B. Copeland

The fast-rising waters from Hurricane Harvey that submerged Houston show how important it is to have business continuity plans ready – and right.
