RiskLens Blog

RiskLens CEO Says Feds Need “Real Cyber Hygiene”

Posted June 22, 2018 by Jeff B. Copeland

In an article for GCN, “Real Cyber Hygiene Depends on Risk Assessment, Not Compliance,” RiskLens CEO Nick Sanna argues that the Cyber Hygiene report card issued to federal agencies by the Department of Homeland Security’s US-CERT falls short. It’s a technical vulnerability scan, not an actual risk analysis generating the most relevant information that decision-makers need, Nick writes. ...

4 Most Surprising Results from Quantitative Risk Analysis

Posted June 21, 2018 by Taylor Chester

To run a FAIR quantitative risk analysis is to take a truly fresh look at all your assumptions about risk: the value of your assets, the strength of your controls and the real likelihood of loss. You'll probably have a few “head scratcher” moments along the way ...

New Day for Cyber Risk: CRQ Emerges

Posted June 21, 2018 by Jeff B. Copeland

Maps → GPS. Flip-phones → iPhones. Qualitative cyber risk assessment → Quantitative cyber risk assessment. See a pattern here? There come inflection points when we realize that tools we once had to work with were inadequate in ways we could never have imagined. ...

Case Study: Risk Management Team Uncovers True Cost of Global IP Theft

Posted June 13, 2018 by Jeff B. Copeland

The access process for the service portal of a global technology manufacturing company had a serious flaw. Once in the portal, anyone could get in and download the materials they needed to compete with the technology company’s authorized partners to service its products. ...

How CISOs Use FAIR to Set Strategic Priorities for Spending

Posted June 13, 2018 by Jack Freund

One purportedly difficult thing to measure in cybersecurity is the impact of strategy. Ultimately, we should be able to tell executives how much risk they have before we execute our strategy, ...

Gartner Names Risk Quantification a Critical Capability of Integrated Risk Management

Posted June 13, 2018 by Bryan Smith

Are you able to effectively evaluate your cyber security risk in business terms? Last week Gartner listed "Risk Quantification & Analytics" as part of five critical capabilities of IRM. If you're not quantifying you're not truly evaluating cyber risk, according to the leading technology analyst firm. ...

How RiskLens Pricing Works

Posted June 7, 2018 by Chelsea Brunson

A popular question that we hear here at RiskLens is "How is your Cyber Risk Quantification (CRQ) SaaS solution licensed? And, what's your pricing model?" ...

4 Steps to a Smarter Risk Heat Map

Posted June 6, 2018 by Cody Whelan

The risk heat map. An industry staple for many years. The standard 3x3, or 5x5 chart that has frequency on one axis, severity on the other, with colors ranging from green to red. ...

Why Boards Tune Out CISOs: Lessons from 2 Conference Panels

Posted May 31, 2018 by Jeff B. Copeland

Surveys of corporate directors consistently show that boards aren’t satisfied with reporting from chief information security officers and rank them at the bottom in management for communication skills. At the recent Cyber Balance Sheet summit in New York, that disconnect was clearly on display ...

In Two Surveys, Cries for Help from Boards on Cybersecurity

Posted May 29, 2018 by Jeff B. Copeland

Two recent surveys of public company corporate directors – by PwC and Corporate Board Member Magazine/Spencer Stuart – found considerable worry about cyber risk and dissatisfaction with management reporting on cybersecurity. ...
