RiskLens Blog

Boards Adding Cybersecurity Committees, Wall St. Journal Reports

Posted November 28, 2018 by Jeff B. Copeland

A few pioneering boards are “taking the bold step of forming a full-fledged committee focused on cybersecurity,” the WSJ Pro Cybersecurity newsletter reports (subscribe to the newsletter to read the article).   ... Continue Reading

How to Make Year-End Controls Testing by IT Auditors Go as Smoothly as Peppermint Latte, Almost

Posted November 28, 2018 by Taylor Maze

As we are thrown headlong into the holiday season, several things are inevitable: peppermint lattes, parking catastrophes at your local mall, and (if you’re a control owner, director, systems architect or just an unlucky IT analyst at a 12/31 business) year-end controls testing by your friendly neighborhood auditor. ... Continue Reading

Case Study: RiskLens Clarifies Complicated Decision on Multifactor Authentication

Posted November 21, 2018 by Tim Wynkoop

I recently ran an analysis for a major bank that I think shows the power of both the FAIR Model for thinking through cybersecurity investment decisions and the power of the RiskLens CRQ platform for quickly running the numbers to support those decisions, often with surprising results.   ... Continue Reading

5 Insights from FAIR Creator Jack Jones on Transforming Your Risk Management Organization

Posted November 15, 2018 by Jeff B. Copeland

RiskLens Co-Founder and Chief Risk Scientist Jack Jones created the FAIR model for quantitative cyber risk analysis that powers the RiskLens analytics platform and wrote Measuring and Managing Information Risk, inducted into the Cybersecurity Canon as one of the most influential books for risk professionals. ... Continue Reading

Case Study: Risk Team Finds the Best Data Protection Solution Based on ROI

Posted November 15, 2018 by Teresa Suarez

The Problem: A large financial institution was concerned when they identified that sensitive personal information (PII) was housed on unsupported servers running end-of-life (EOL) software. ... Continue Reading

Do I Need to Be a Math Nerd to Perform FAIR Analysis? Part 2

Posted November 9, 2018 by David Musselwhite

Welcome back to our discussion of the math knowledge required to perform FAIR analyses with the RiskLens platform (spoiler alert: not much). ... Continue Reading

The Risk of a Controls Focus in IT Audit: Losing Sight of the Asset

Posted November 8, 2018 by Rachel Slabotsky

During my previous career working in internal IT audit, I conducted audits over various processes and technologies, which ultimately resulted in the issuance of a report with findings and recommendations. Each finding was then assigned a risk rating (high, medium, or low) ... Continue Reading

New eBook: Set Up Your FAIR Program in 7 Steps

Posted November 5, 2018 by Jeff B. Copeland

If you’re considering introducing FAIR to your organization, building a quantitative risk management program, and enabling cost-effective decision making but are unsure of how to take the next (or first) step, the new eBook from FAIR creator Jack Jones An Adoption Guide for FAIR, is an action plan in seven steps. ... Continue Reading

Habit for Highly Effective CISOs: Begin with the End in Mind

Posted October 31, 2018 by Leanne Scott

At RiskLens, we study and try to exemplify the principles in The 7 Habits of Highly Effective People by Stephen R. Covey, especially Habit 2: Begin with the End in Mind.  ... Continue Reading

Nick Sanna in ‘SecurityWeek’ on ‘Broken Communication’ Between CISOs and the Business

Posted October 31, 2018 by Jeff B. Copeland

In an article just published on the SecurityWeek website, Communication Is Broken Between CISOs and the Rest of the Business, RiskLens CEO Nick Sanna takes CISOs to task for failing to upgrade their communication skills, as senior management and boards increasingly focus on cybersecurity concerns. ... Continue Reading

Sign Up for Blog Updates

Popular Posts