Posted September 14, 2018 by Taylor Maze
Recently, I worked with a company in the media industry that was interested in a quantitative cyber risk assessment of their current risk related to a web application attack aimed at exfiltrating customer PII from an internal database.
Posted September 13, 2018 by David Musselwhite
Are you responsible for analyzing, managing, or reporting on cyber risk in your organization? Do you know the FAIR model and can you apply it to quantitatively assess cyber risk scenarios?
Posted September 11, 2018 by Steve Tabacek
Increasingly, I hear this question from clients: I’m sold on the value of risk quantification and the transformative power of cyber risk economics – but how do I sell this new message to my board of directors?
Posted September 5, 2018 by Jeff B. Copeland
In a new article on Homeland Security Today, Jack Jones critiques the government’s push for better cyber risk management of federal networks and critical infrastructure, kicked off by last year’s presidential Executive Order, with the advice of the mysterious smiling cat
Posted September 4, 2018 by Chelsea Brunson
FAIR risk analyses are great - they allow you to understand cyber risk in dollars and cents. RiskLens is the SaaS platform out there that allows you to conduct true quantitative cyber risk analysis.
Posted August 30, 2018 by Jeff B. Copeland
Listen (on demand) to this webinar, led by veteran RiskLens risk consultant Rachel Slabotsky, for a quick, high-level introduction to the FAIR model for cyber risk quantification, along with a look at some use cases for the RiskLens application that solve the problems we most often hear about from clients.
Posted August 29, 2018 by Cody Whelan
On the road to risk management maturity, most organizations start with some kind of maturity framework, most likely the NIST Cybersecurity Framework (CSF). Frameworks are relatively easy to implement, and carry industry acceptance. But at this early stage of development, there is a misconception that maturity frameworks are either the same thing as, or close enough to, a well-vetted and defensible risk analysis model.
Posted August 28, 2018 by Jeff B. Copeland
In a new article on the SecurityWeek website, “Cyber Risk = Business Risk. Time for the Business-Aligned CISO,” RiskLens CEO Nick Sanna writes that this era of heightened awareness of cybersecurity should be a great opportunity for CISOs to command the attention of top brass but “it’s also a challenge that many infosec pros won’t be prepared for.”
Posted August 23, 2018 by Jeff B. Copeland
In the National Association of Corporate Directors’ recent members survey, 22 percent of those responding were “dissatisfied” or “very dissatisfied” with the quality of cybersecurity reporting they received. Of the very dissatisfied, 44% complained that management “doesn’t provide enough transparency into problems.”
Posted August 22, 2018 by Leanne Scott
The RiskLens Customer Success team recently updated its guidance document for operationalizing quantitative risk analysis (we call it the OQRA blueprint). It’s a compilation of lessons we’ve learned alongside our clients