RiskLens Blog

2 Tips for Smarter, Faster Risk Analysis

Posted September 22, 2017 by Cody Whelan

A common concern I hear from new RiskLens customers starting with cyber risk quantification, along with some executives of our existing customer base, is that the risk analysis process, more specifically data gathering, takes too long and is too burdensome on their resources.


Three Reasons NOT to Build a FAIR Spreadsheet

Posted September 21, 2017 by Chris Bryant

Ever since the FAIR model was selected by The Open Group in 2013 as their standard model for quantifying information risk, risk professionals have been looking for ways to apply it practically. Users cherish the principles upon which FAIR is based:


Understanding “Secondary Loss”, the Price of a Data Breach

Posted September 13, 2017 by Rebecca Merritt

We’re big fans of the FAIR model that powers the RiskLens platform because it’s a tool for running down every little corner of potential threats and losses to arrive at as accurate an estimate of risk as possible. It’s also a model of clear thinking – you can pretty much look at this diagram below and understand how we analyze risk.  


Admit It. You Don't Really Measure Your Cybersecurity ROI

Posted September 5, 2017 by Leanne Scott

Back when I was in a mentorship program and learning how the upper echelons of my company worked, I learned about the Information Technology budgeting process. It was a hoot.


The FAIR Model Explained in 90 Seconds

Posted September 1, 2017 by Paige Pilarski

How do you eat an elephant? One bite at a time. You’ve probably heard this joke before about solving complex problems. It relates to risk, too.


In Vendor Risk Assessment, All “High Risks” Are Not Created Equal

Posted August 30, 2017 by Teresa Suarez

During a client engagement, I listened to two experienced information security risk professionals lament about the results of a recent vendor risk assessment survey. The results indicated several “High Risk” vendors that needed attention. However, they couldn’t distinguish which “High Risk” vendors posed the most pressing or biggest threats to the company.


Avoiding Garbage In/Garbage Out in Cyber Risk Measurement

Posted August 24, 2017 by Tim Wynkoop

At RiskLens, we figure risk as the probable frequency and probable magnitude of a future loss – in other words, how often losses are likely to happen and how much loss is likely to result. 


4 Successful Starter Projects with RiskLens (and 3 More to Do Next)

Posted August 23, 2017 by Leanne Scott

A question that we often see new RiskLens customers struggle with is, “where do we start analyzing risk?” The possibilities seem endless. 


To Make Your Risk Management Program Fly, First Fix Your Language

Posted August 17, 2017 by Rebecca Merritt

In 1999, NASA lost its $125-million Mars Climate Orbiter because the navigation team used the metric system to operate the spacecraft while the manufacturer had set it up to run on the English inches/feet/pounds system. “It is going to be the cautionary tale until the end of time,” a leading scientist said back then.

... Continue Reading

Present Cyber Risk Reports to the Board that Spock Would Approve

Posted August 9, 2017 by Chelsea Brunson

You’re a CISO who’s prepared hard for your cybersecurity Board presentation, covering the company’s Top 10 Risks. To make the stakes higher, it’s annual budget time. You enter the boardroom, PowerPoint under control (you think), and are introduced to the new member of the Board.

