RiskLens Blog

Tim Wynkoop

Tim Wynkoop is a Risk Consultant at RiskLens.

Find me on:

Recent Posts

Case Study: RiskLens Clarifies Complicated Decision on Multifactor Authentication

Posted November 21, 2018 by Tim Wynkoop

I recently ran an analysis for a major bank that I think shows the power of both the FAIR Model for thinking through cybersecurity investment decisions and the power of the RiskLens CRQ platform for quickly running the numbers to support those decisions, often with surprising results.   ... Continue Reading

Case Study: ‘High Risk’ Audit Finding Doesn't Hold Up to FAIR Analysis

Posted August 20, 2018 by Tim Wynkoop

I recently worked with a retail organization to run a FAIR analysis on an audit finding and settle a difference between the IT and Internal Audit teams.  It’s a simple story but one that shows the power of quantitative risk analysis to get beyond guesswork and gut feelings ... Continue Reading

Analyzing the Financial Risk of Ransomware with FAIR

Posted May 3, 2018 by Tim Wynkoop

In 2017, the shipping giant Maersk had to halt its global operations to reinstall its entire IT infrastructure-- 4,000 servers and 45,000 PCs-–after the NotPetya ransomware locked up its machines; the cost in lost business and remediation could hit $300 million. ... Continue Reading

The Six Types of Loss in Cyber Incidents

Posted March 9, 2018 by Tim Wynkoop

The FAIR model (and the RiskLens risk quantification application built on it) are all about a disciplined way to talk about risk, including being very specific about the types of loss ... Continue Reading

Sometimes the Best Cybersecurity "Control" Is a New Hire

Posted February 26, 2018 by Tim Wynkoop

I was recently asked if Factor Analysis of Information Risk (the FAIR model) could be used to save time. Interesting conundrum. ... Continue Reading

Best RiskLens Reports for Quick, Risk-Based Decision-Making

Posted January 31, 2018 by Tim Wynkoop

With the opportunity to work with a variety of customers throughout their RiskLens journey, I frequently get asked the question about which of our quantitative risk reports provide the most bang for the buck when an organization is trying to make a risk-related decision.   ... Continue Reading

My Risk Problem and How I Solved It

Posted January 31, 2018 by Tim Wynkoop

First, let me say I am a little biased. I think Factor Analysis of Information Risk (FAIR) should be part of every risk management program. With two different financial institutions in my work history, my hindsight is 20/20. ... Continue Reading

Case Study: How Much Risk Exposure in Office 365 Migration?

Posted January 11, 2018 by Tim Wynkoop

The infosecurity team at a large financial institution had finally hit the dead end on red-yellow-green, subjective measurement. Its residual and inherent risk “scoring system” could produce colorful heat maps. ... Continue Reading

Avoiding Garbage In/Garbage Out in Cyber Risk Measurement

Posted August 24, 2017 by Tim Wynkoop

At RiskLens, we figure risk as the probable frequency and probable magnitude of a future loss – in other words, how often losses are likely to happen and how much loss is likely to result.  ... Continue Reading

The 3 C’s that Risk Analysts Want Their CISOs to Know

Posted July 27, 2017 by Tim Wynkoop

In my work as a RiskLens analyst, I’m privileged to be invited by our clients to take a deep look at their risk processes, and to help guide them through some serious thinking on difficult topics, and not just about the risks faced by the company. Implementing RiskLens and the FAIR model also means changing some longtime beliefs about risk analysis and risk management. ... Continue Reading

Sign Up for Blog Updates

Popular Posts