RiskLens Blog

3 Key Competencies for a Successful IT Risk Program

Posted February 19, 2019 by Jeff B. Copeland

The FAIR model (the engine powering the RiskLens cyber risk quantification platform) is a disciplined approach to cyber risk analysis that eliminates the guesswork – and the red-yellow-green color coding – from risk reporting and sets up IT risk analysts to deliver the kind of financially based analyses that the rest of the business wants to see. ... Continue Reading

4 Steps to Measure Controls' Effectiveness with Cyber Risk Quantification

Posted February 14, 2019 by Cary Wise

I sometimes run into risk quantification fans who are sold on the process but just don't know how to get started. But conceptually, with the FAIR model, quantitative risk analysis has a simple and logical flow ... Continue Reading

Case Study: What’s the Value of a Data Retention Policy?

Posted February 13, 2019 by Rebecca Merritt

The bank’s infosecurity team was split on the need for a data retention policy. Half of the team didn’t feel they needed to eliminate customer files because customers would likely open another account down the line ... Continue Reading

RiskLens CEO in ‘Security Week’ on How CISOs Can Demonstrate Business Value

Posted January 29, 2019 by Jeff B. Copeland

If you’re a CISO who sees your role as “keep the business secure” – you’re only partly right, RiskLens CEO Nick Sanna argues in an article just published by Security Week. ... Continue Reading

Case Study: Evaluating ROI of Data Loss Prevention Controls

Posted January 18, 2019 by Taylor Maze

Sometimes, the hardest part of risk management is identifying the areas of weakness within your environment. I would argue, however, that more often than not, the more difficult undertaking is deciding how to address said weaknesses. ... Continue Reading

Three “Surprises” from a FAIR Cyber Risk Analysis

Posted January 17, 2019 by Brock Krawczun

We recently conducted an engagement with a bank analyzing the risk associated with wire fraud. The outcome surprised some of the team who went through the process. One of the biggest overall findings was that the loss exposure was significantly less than expected ... Continue Reading

How IT Auditors Evaluate the Effectiveness of Controls with Risk Quantification

Posted December 20, 2018 by Rachel Slabotsky

In a previous blog post, I discussed the benefit that auditors discover leveraging the FAIR quantitative analysis model to evaluate the risk associated with IT audit findings. Here, I’d like to spend time discussing another advantage for IT auditors from FAIR: the ability to analyze the effectiveness of controls ... Continue Reading

2019 RSA Conference to Spotlight Cyber Risk Quantification

Posted December 12, 2018 by Jeff B. Copeland

For a leading indicator on where the cybersecurity industry is trending, scan the lineup of topics for sessions at the annual RSA Conference, coming in 2019 on Monday-Friday, March 4-8, in San Francisco. The agenda is just out and it looks like 2019 is shaping up as a year of heightened interest in a risk-based approach ... Continue Reading

Jack Jones’ Advice in ‘Dark Reading’ on Smart Cybersecurity Investment

Posted December 12, 2018 by Jeff B. Copeland

In a new article for Dark Reading, How Well Is Your Organization Investing Its Cybersecurity Dollars?, Jack Jones, RiskLens' Chief Risk Scientist, gives as cogent an explanation as you’ll find for cyber risk quantification as the foundation of a cybersecurity program. ... Continue Reading

Risk Analysis or Risk Assessment? Know the Difference

Posted December 5, 2018 by Rebecca Merritt

One thing we learn from Factor Analysis of Information Risk (that’s the FAIR model that powers the RiskLens cyber risk analytics platform) is to take a disciplined approach to our thinking and language about risk. ... Continue Reading
