Posted June 22, 2018 by Jeff B. Copeland
In an article for GCN, “Real Cyber Hygiene Depends on Risk Assessment, Not Compliance,” RiskLens CEO Nick Sanna argues that the Cyber Hygiene report card issued to federal agencies by the Department of Homeland Security’s US-CERT falls short. It’s a technical vulnerability scan, not an actual risk analysis generating the most relevant information that decision-makers need, Nick writes.
Posted June 21, 2018 by Taylor Chester
To run a FAIR quantitative risk analysis is to take a truly fresh look at all your assumptions about risk: the value of your assets, the strength of your controls and the real likelihood of loss. You'll probably have a few “head scratcher” moments along the way
Posted June 21, 2018 by Jeff B. Copeland
Maps → GPS. Flip-phones → iPhones. Qualitative cyber risk assessment → Quantitative cyber risk assessment. See a pattern here? There come inflection points when we realize that tools we once had to work with were inadequate in ways we could never have imagined.
Posted June 13, 2018 by Jeff B. Copeland
The access process for the service portal of a global technology manufacturing company had a serious flaw. Once in the portal, anyone could get in and download the materials they needed to compete with the technology company’s authorized partners to service its products.
Posted June 13, 2018 by Jack Freund
One purportedly difficult thing to measure in cybersecurity is the impact of strategy. Ultimately, we should be able to tell executives how much risk they have before we execute our strategy,
Posted June 13, 2018 by Bryan Smith
Are you able to effectively evaluate your cyber security risk in business terms? Last week Gartner listed "Risk Quantification & Analytics" as part of five critical capabilities of IRM. If you're not quantifying you're not truly evaluating cyber risk, according to the leading technology analyst firm.
Posted June 7, 2018 by Chelsea Brunson
A popular question that we hear here at RiskLens is "How is your Cyber Risk Quantification (CRQ) SaaS solution licensed? And, what's your pricing model?"
Posted June 6, 2018 by Cody Whelan
The risk heat map. An industry staple for many years. The standard 3x3, or 5x5 chart that has frequency on one axis, severity on the other, with colors ranging from green to red.
Posted May 31, 2018 by Jeff B. Copeland
Surveys of corporate directors consistently show that boards aren’t satisfied with reporting from chief information security officers and rank them at the bottom in management for communication skills. At the recent Cyber Balance Sheet summit in New York, that disconnect was clearly on display
Posted May 29, 2018 by Jeff B. Copeland
Two recent surveys of public company corporate directors – by PwC and Corporate Board Member Magazine/Spencer Stuart – found considerable worry about cyber risk and dissatisfaction with management reporting on cybersecurity.