Cyber Risk Nomenclature, The Source Of Much Confusion

January 11, 2019  Tiziana Barrow

Our co-founder, Jack Jones, recently contributed an article to Dark Reading, titled “Cyberrisk Through A Business Lens”. The piece focuses on cyber risk analysis as one of the most important factors related to making well-informed decisions about managing the dynamic risk landscape within organizations. Here are some questions posed to cyber risk managers:

  • Do you know the critical factors for making well-informed decisions?
  • Are you confident in your teams’ risk analysis?
  • Are you enabling board members and C-level executives to make well-informed risk decisions?

In this article, Jack discusses in detail the critical factors for a sound risk analysis:

  • Nomenclature (terminology)
  • Broken models
  • Skill sets
  • Reliance on checklists
  • Reliable execution

You might be surprised to see the word “Nomenclature” as the first and most critical factor for risk analysis. In fact, cyber risk nomenclature is the root cause of most of the confusion within the marketplace today. In this article, Jack uses an example about going on a space shuttle mission where the lack of agreed-upon definitions for mass, weight, and velocity is an impediment to effective and consistent communication and planning. Although a trip to the moon sounds enjoyable, I am not so confident that the shuttle would take me there and/or bring me back safely if the engineers couldn't agree on those definitions. We apparently are facing similar challenges in cyber risk management.

Please read the full article for a more detailed explanation of the critical factors of cyber risk management and governance by clicking the button below.