RiskLens Blog

The Year Ahead in Cyber Risk: 5 Predictions for 2019

Posted January 2, 2019 by Luke Bader

At the recent FAIR Conference at Carnegie Mellon University that drew a record turnout from around the world, we heard one message repeated many ways – the movement toward a rational, data-driven, model-based approach to cyber risk (and away from qualitative, guesswork approaches) is growing fast. ... Continue Reading

Most Popular RiskLens Blog Posts of 2018 Covered SEC Cyber Policy, Better Heat Maps, and More Signs of Growth in the Cyber Risk Quantification Movement

Posted December 27, 2018 by Jeff B. Copeland

RiskLens and the FAIR risk model are change agents in the world of cyber risk management and the most popular blog posts we published in 2018 are a leading indicator of where the movement is heading. Take a look at the Top 10, by page views: ... Continue Reading

How IT Auditors Evaluate the Effectiveness of Controls with Risk Quantification

Posted December 20, 2018 by Rachel Slabotsky

In a previous blog post, I discussed the benefit that auditors discover leveraging the FAIR quantitative analysis model to evaluate the risk associated with IT audit findings. Here, I’d like to spend time discussing another advantage for IT auditors from FAIR : the ability to analyze the effectiveness of controls ... Continue Reading

How to Evaluate ROI of Security Investments for GDPR (Case Study)

Posted December 18, 2018 by Jeff B. Copeland

“Security Spending to Rise on GDPR Concerns” headlines a recent edition of the Wall Street Journal’s WSJ Pro Cybersecurity newsletter (subscription required) that details how seriously companies take the EU’s privacy regulations that went into effect last May. ... Continue Reading

U.S. House Oversight Committee Calls for More “Transparency” in Cyber Risk Reporting, After Equifax

Posted December 13, 2018 by Jeff B. Copeland

A report from The U.S. House of Representatives Committee on Oversight and Government Reform on the Equifax data breach of 2017 recommends that “Federal agencies and the private sector should work together to increase transparency of a company’s cybersecurity risks and steps taken to mitigate such risks.” ... Continue Reading

2019 RSA Conference to Spotlight Cyber Risk Quantification

Posted December 12, 2018 by Jeff B. Copeland

For a leading indicator on where the cybersecurity industry is trending, scan the lineup of topics for sessions at the annual RSA Conference, coming in 2019 on Monday-Friday, March 4-8,  in San Francisco. The agenda is just out and it looks like 2019 is shaping up as year of heightened interest in a risk-based approach ... Continue Reading

Jack Jones’ Advice in ‘Dark Reading’ on Smart Cybersecurity Investment

Posted December 12, 2018 by Jeff B. Copeland

In a new article for Dark Reading, How Well Is Your Organization Investing Its Cybersecurity Dollars?, Jack Jones, RiskLens' Chief Risk Scientist, gives as cogent an explanation as you’ll find for cyber risk quantification as the foundation of a cybersecurity program. ... Continue Reading

Jack Jones in Homeland Security Today: Feds Need a Game Plan for Their ‘Crown Jewels’

Posted December 6, 2018 by Jeff B. Copeland

In a lead article on the Homeland Security Today website, A Game Plan to Identify, Protect Information Crown Jewels, RiskLens Co-Founder and Chief Risk Scientist Jack Jones has some advice for federal agencies required to identify and prioritize risk management on their “crown jewels”: Get a clearer picture on your high-value assets, then get an effective risk analysis model to guide your security investments. ... Continue Reading

Risk Analysis or Risk Assessment? Know the Difference

Posted December 5, 2018 by Rebecca Merritt

One thing we learn from Factor Analysis of Information Risk (that’s the FAIR model that powers the RiskLens cyber risk analytics platform) is to take a disciplined approach to our thinking and language about risk. ... Continue Reading

[Webinar] Jack Jones' Advice to CISOs: Reduce the 'Noise', Raise the Value

Posted December 3, 2018 by Jeff B. Copeland

“I was just expensive noise. The fact that I couldn’t express the value proposition of cybersecurity was a real problem in senior executives' eyes.” That’s Jack Jones describing the painful moment of his career as a CISO that set him on the path to creating Factor Analysis of Information Risk (FAIR) ... Continue Reading

Sign Up for Blog Updates

Popular Posts