RiskLens Blog

Three Reasons NOT to Build a FAIR Spreadsheet

Posted September 21, 2017 by Chris Bryant

Ever since the FAIR model was selected by The Open Group in 2013 as their standard model for quantifying information risk, risk professionals have been looking for ways to apply it practically. Users cherish the principles upon which FAIR is based:

... Continue Reading

Too Many CISOs and Technology Risk Executives Miss the Big Picture

Posted September 15, 2017 by Steve Tabacek

A Forbes online article makes the observation “When CEOs Talk Strategy, 70% of the Company Doesn’t Get It.” The article goes on to say that even in high-performing companies with “clearly articulated public strategies,” only 30% of employees can correctly identify their company’s strategy.

Understanding “Secondary Loss”, the Price of a Data Breach

Posted September 13, 2017 by Rebecca Merritt

We’re big fans of the FAIR model that powers the RiskLens platform because it’s a tool for running down every little corner of potential threats and losses to arrive at as accurate an estimate of risk as possible. It’s also a model of clear thinking – you can pretty much look at this diagram below and understand how we analyze risk.  

The Equifax Data Breach: Lessons to Learn

Posted September 11, 2017 by Jeff B. Copeland

The massive exfiltration of data from Equifax—Social Security numbers and more vital information on perhaps 143 million persons—serves a chilling notice.

Win the Infosec Budget Cycle: A Short Guide for CISOs

Posted September 7, 2017 by Steve Tabacek

For many of our customers, the end of summer also brings the annual task of securing the next fiscal year’s budget.

Admit It. You Don't Really Measure Your Cybersecurity ROI

Posted September 5, 2017 by Leanne Scott

Back when I was in a mentorship program and learning how the upper echelons of my company worked, I learned about the Information Technology budgeting process. It was a hoot.

The FAIR Model Explained in 90 Seconds

Posted September 1, 2017 by Paige Pilarski

How do you eat an elephant? One bite at a time. You’ve probably heard this joke before about solving complex problems. It relates to risk, too.

In Vendor Risk Assessment, All “High Risks” Are Not Created Equal

Posted August 30, 2017 by Teresa Suarez

During a client engagement, I listened to two experienced information security risk professionals lament about the results of a recent vendor risk assessment survey. The results indicated several “High Risk” vendors that needed attention. However, they couldn’t distinguish which “High Risk” vendors posed the most pressing or biggest threats to the company.

Disaster Planning: Put Numbers on Your Risk

Posted August 29, 2017 by Jeff B. Copeland

The fast-rising waters from Hurricane Harvey that submerged Houston show how important it is to have business continuity plans ready – and right.

Avoiding Garbage In/Garbage Out in Cyber Risk Measurement

Posted August 24, 2017 by Tim Wynkoop

At RiskLens, we figure risk as the probable frequency and probable magnitude of a future loss – in other words, how often losses are likely to happen and how much loss is likely to result. 
