Posted January 15, 2019 by Jeff B. CopelandIn a new article for the Wall Street Journal's WSJ Pro Cybersecurity newsletter, Kim S. Nash writes that “Corporate security leaders often fight a perception among other senior leaders that cybersecurity efforts bring costs without quantifiable returns.
Posted January 11, 2019 by Jeff B. CopelandThe Advanced Cyber Security Center is just out with a study on Leveraging Board Governance for Cybersecurity that makes a strong case, and lays out some specific recommendations, for boards to demand cyber risk analytics—not operational checklists—as a basis for board oversight on cybersecurity.
Posted January 9, 2019 by Jeff B. CopelandIan Amit faces a complex management problem as Chief Security Officer at Cimpress, the parent company for multiple independent businesses: Each unit chooses and operates its own technical stack and security and risk management in a “shared security responsibility” model. How to lead from behind?
Posted December 27, 2018 by Jeff B. CopelandRiskLens and the FAIR risk model are change agents in the world of cyber risk management and the most popular blog posts we published in 2018 are a leading indicator of where the movement is heading. Take a look at the Top 10, by page views:
Posted December 18, 2018 by Jeff B. Copeland“Security Spending to Rise on GDPR Concerns” headlines a recent edition of the Wall Street Journal’s WSJ Pro Cybersecurity newsletter (subscription required) that details how seriously companies take the EU’s privacy regulations that went into effect last May.
Posted December 13, 2018 by Jeff B. CopelandA report from The U.S. House of Representatives Committee on Oversight and Government Reform on the Equifax data breach of 2017 recommends that “Federal agencies and the private sector should work together to increase transparency of a company’s cybersecurity risks and steps taken to mitigate such risks.”
Posted December 12, 2018 by Jeff B. CopelandFor a leading indicator on where the cybersecurity industry is trending, scan the lineup of topics for sessions at the annual RSA Conference, coming in 2019 on Monday-Friday, March 4-8, in San Francisco. The agenda is just out and it looks like 2019 is shaping up as year of heightened interest in a risk-based approach
Posted December 12, 2018 by Jeff B. CopelandIn a new article for Dark Reading, How Well Is Your Organization Investing Its Cybersecurity Dollars?, Jack Jones, RiskLens' Chief Risk Scientist, gives as cogent an explanation as you’ll find for cyber risk quantification as the foundation of a cybersecurity program.
Posted December 6, 2018 by Jeff B. CopelandIn a lead article on the Homeland Security Today website, A Game Plan to Identify, Protect Information Crown Jewels, RiskLens Co-Founder and Chief Risk Scientist Jack Jones has some advice for federal agencies required to identify and prioritize risk management on their “crown jewels”: Get a clearer picture on your high-value assets, then get an effective risk analysis model to guide your security investments.
Posted December 3, 2018 by Jeff B. Copeland“I was just expensive noise. The fact that I couldn’t express the value proposition of cybersecurity was a real problem in senior executives' eyes.” That’s Jack Jones describing the painful moment of his career as a CISO that set him on the path to creating Factor Analysis of Information Risk (FAIR)