Posted November 21, 2018 by Tim Wynkoop
I recently ran an analysis for a major bank that I think shows the power of both the FAIR Model for thinking through cybersecurity investment decisions and the power of the RiskLens CRQ platform for quickly running the numbers to support those decisions, often with surprising results.
Posted August 16, 2018 by Rachel Slabotsky
I recently worked with a large financial services organization to analyze a data breach scenario and determine the potential risk reduction (in terms of dollars and cents) that would result from implementing tokenization on key fields within a database cluster containing PII information.
Posted June 13, 2018 by Jeff B. Copeland
The access process for the service portal of a global technology manufacturing company had a serious flaw. Once in the portal, anyone could get in and download the materials they needed to compete with the technology company’s authorized partners to service its products.
Posted May 3, 2018 by Tim Wynkoop
In 2017, the shipping giant Maersk had to halt its global operations to reinstall its entire IT infrastructure -- 4,000 servers and 45,000 PCs -- after the NotPetya ransomware locked up its machines; the cost in lost business and remediation could hit $300 million.
Posted January 11, 2018 by Tim Wynkoop
The infosecurity team at a large financial institution had finally hit the dead end on red-yellow-green, subjective measurement. Its residual and inherent risk “scoring system” could produce colorful heat maps.
Posted October 25, 2017 by Rachel Slabotsky
Regulations such as the EU's General Data Protection Regulation (GDPR) and the NYDFS Cybersecurity Requirements represent efforts to ensure that organizations are taking the right steps to protect sensitive data. While the depth and breadth of these requirements may differ, their primary message is the same - protect your sensitive customer data, or pay a significant price.