Posted December 13, 2018 by Jeff B. CopelandA report from The U.S. House of Representatives Committee on Oversight and Government Reform on the Equifax data breach of 2017 recommends that “Federal agencies and the private sector should work together to increase transparency of a company’s cybersecurity risks and steps taken to mitigate such risks.”
Posted December 12, 2018 by Jeff B. CopelandFor a leading indicator on where the cybersecurity industry is trending, scan the lineup of topics for sessions at the annual RSA Conference, coming in 2019 on Monday-Friday, March 4-8, in San Francisco. The agenda is just out and it looks like 2019 is shaping up as year of heightened interest in a risk-based approach
Posted December 12, 2018 by Jeff B. CopelandIn a new article for Dark Reading, How Well Is Your Organization Investing Its Cybersecurity Dollars?, Jack Jones, RiskLens' Chief Risk Scientist, gives as cogent an explanation as you’ll find for cyber risk quantification as the foundation of a cybersecurity program.
Posted December 6, 2018 by Jeff B. CopelandIn a lead article on the Homeland Security Today website, A Game Plan to Identify, Protect Information Crown Jewels, RiskLens Co-Founder and Chief Risk Scientist Jack Jones has some advice for federal agencies required to identify and prioritize risk management on their “crown jewels”: Get a clearer picture on your high-value assets, then get an effective risk analysis model to guide your security investments.
Posted December 5, 2018 by Rebecca MerrittOne thing we learn from Factor Analysis of Information Risk (that’s the FAIR model that powers the RiskLens cyber risk analytics platform) is to take a disciplined approach to our thinking and language about risk.
Posted December 3, 2018 by Jeff B. Copeland“I was just expensive noise. The fact that I couldn’t express the value proposition of cybersecurity was a real problem in senior executives' eyes.” That’s Jack Jones describing the painful moment of his career as a CISO that set him on the path to creating Factor Analysis of Information Risk (FAIR)
Posted November 28, 2018 by Jeff B. CopelandA few pioneering boards are “taking the bold step of forming a full-fledged committee focused on cybersecurity,” the WSJ Pro Cybersecurity newsletter reports (subscribe to the newsletter to read the article).
Posted November 28, 2018 by Taylor MazeAs we are thrown headlong into the holiday season, several things are inevitable: peppermint lattes, parking catastrophes at your local mall, and (if you’re a control owner, director, systems architect or just an unlucky IT analyst at a 12/31 business) year-end controls testing by your friendly neighborhood auditor.
Posted November 21, 2018 by Tim WynkoopI recently ran an analysis for a major bank that I think shows the power of both the FAIR Model for thinking through cybersecurity investment decisions and the power of the RiskLens CRQ platform for quickly running the numbers to support those decisions, often with surprising results.
Posted November 15, 2018 by Jeff B. CopelandRiskLens Co-Founder and Chief Risk Scientist Jack Jones created the FAIR model for quantitative cyber risk analysis that powers the RiskLens analytics platform and wrote Measuring and Managing Information Risk, inducted into the Cybersecurity Canon as one of the most influential books for risk professionals.