Enterprise Strategy Group (ESG), the enterprise IT consultancy, recently asked IT and business executives to identify the cyber risk metrics that matter most to corporate leaders and board directors. The “top four business-side priorities illustrate the gulf between business needs and technical capabilities,” writes Jon Oltsik, ESG’s senior principal analyst for cybersecurity, in a new article for CSO Online, “Cyber risk management: There’s a disconnect between business and security teams.”
The findings from the survey, Oltsik writes:
Most CISOs don’t have “the processes or metrics to remotely satisfy this need,” Oltsik writes. “The cyber risk management gap represents a high-priority problem that needs immediate attention. CISOs must embrace new tools and cyber risk management methodologies like Factor Analysis of Information Risk (FAIR).”
As the only cyber risk analytics platform built on FAIR, the international standard for cyber risk quantification, RiskLens is already enabling CISOs to report on risk with what Oltsik calls “a business mindset.”
With RiskLens, financially based cyber risk reporting covers exactly the items the ESG survey respondents said they want to see:
CISOs need to “work with executive teams to protect the right assets at the right time in a cost-effective way,” Oltsik sums up. Agreed.
Read Oltsik’s article “Cyber risk management: There’s a disconnect between business and security teams.”
More recognition for FAIR: The SANS CIS Controls poster now includes the FAIR model as part of the Five Keys for Building a Cybersecurity Program. The SANS Institute is also offering a FAIR training course.