RiskLens Blog

What Does a Gartner Shift From GRC to IRM Mean for Risk Management Programs?

Posted February 22, 2019 by Isaiah McGowan

John Wheeler, lead analyst at Gartner for integrated risk management (IRM) solutions, penned a piece calling for an evolution from compliance-aware to risk-aware governance programs. What does that mean for the risk management programs of the world? ... Continue Reading

Survey: Tell Us How the RiskLens Blog Could Best Meet Your Needs

Posted February 21, 2019 by Jeff B. Copeland

Please take two minutes for a short survey on the topics you'd like to see covered by the RiskLens blog that would most help you advance your knowledge and skills ... Continue Reading

See You at RSA Conference 2019!

Posted February 20, 2019 by Jeff B. Copeland

Going to RSA Conference 2019, March 4 to 8 in San Francisco? Of course you are – it’s the cybersecurity industry event of the year – and so will the RiskLens crew, including CEO Nick Sanna, President Steve Tabacek and Chief Risk Scientist Jack Jones ... Continue Reading

How to Conduct a Security Exception Review Using FAIR

Posted February 20, 2019 by Taylor Maze

As the saying goes, there’s an exception to every rule. Security policies are no exception (though they are a rule…). ... Continue Reading

3 Key Competencies for a Successful IT Risk Program

Posted February 19, 2019 by Jeff B. Copeland

The FAIR model (the engine powering the RiskLens cyber risk quantification platform) is a disciplined approach to cyber risk analysis that eliminates the guesswork – and the red-yellow-green color coding – from risk reporting and sets up IT risk analysts to deliver the kind of financially based analyses that the rest of the business wants to see. ... Continue Reading

4 Ways RiskLens Beats Spreadsheets for FAIR Risk Analysis

Posted February 14, 2019 by Christina Dulovich

Risk analysts appear to have a DIY mindset, turning to spreadsheets to conduct quantitative risk analyses with FAIR, the international standard model for cyber risk quantitative analysis. While there is nothing quite as satisfying for some as building a complex Excel workbook to achieve your goal, there is a better way. ... Continue Reading

4 Steps to Measure Controls' Effectiveness with Cyber Risk Quantification

Posted February 14, 2019 by Cary Wise

I sometimes run into risk quantification fans who are sold on the process but just don't know how to get started. But conceptually, with the FAIR model, quantitative risk analysis has a simple and logical flow ... Continue Reading

Case Study: What’s the Value of a Data Retention Policy?

Posted February 13, 2019 by Rebecca Merritt

The bank’s infosecurity team was split on the need for a data retention policy. Half of the team didn’t feel they needed to eliminate customer files because customers would likely open another account down the line ... Continue Reading

Build Your Career in Risk - Get FAIR-Trained in 2019

Posted February 12, 2019 by David Musselwhite

Coming soon: FAIR training in San Francisco before RSAC 2019. In 2018, the RiskLens Academy provided FAIR education to more people than ever before. More than 600 learners participated ... Continue Reading

Wall St. Journal Asks: What’s the Magic Number for Cybersecurity Budget? We Have an Answer

Posted February 8, 2019 by Jeff B. Copeland

In an article, “Looking for a Magic Number”, Kim S. Nash of The Wall Street Journal’s WSJ Pro Cybersecurity newsletter (subscription required) writes that “everyone wants a gauge but none exists” to set a cybersecurity program budget. ... Continue Reading
