RiskLens Blog

Jack Jones’ Advice in ‘Dark Reading’ on Smart Cybersecurity Investment

Posted December 12, 2018 by Jeff B. Copeland

In a new article for Dark Reading, How Well Is Your Organization Investing Its Cybersecurity Dollars?, Jack Jones, RiskLens' Chief Risk Scientist, gives as cogent an explanation as you’ll find for cyber risk quantification as the foundation of a cybersecurity program. ... Continue Reading

Risk Analysis or Risk Assessment? Know the Difference

Posted December 5, 2018 by Rebecca Merritt

One thing we learn from Factor Analysis of Information Risk (that’s the FAIR model that powers the RiskLens cyber risk analytics platform) is to take a disciplined approach to our thinking and language about risk. ... Continue Reading

Case Study: RiskLens Clarifies Complicated Decision on Multifactor Authentication

Posted November 21, 2018 by Tim Wynkoop

I recently ran an analysis for a major bank that I think shows the power of both the FAIR Model for thinking through cybersecurity investment decisions and the power of the RiskLens CRQ platform for quickly running the numbers to support those decisions, often with surprising results.   ... Continue Reading

Do I Need to Be a Math Nerd to Perform FAIR Analysis? Part 2

Posted November 9, 2018 by David Musselwhite

Welcome back to our discussion of the math knowledge required to perform FAIR analyses with the RiskLens platform (spoiler alert: not much). ... Continue Reading

The Risk of a Controls Focus in IT Audit: Losing Sight of the Asset

Posted November 8, 2018 by Rachel Slabotsky

During my previous career working in internal IT audit, I conducted audits over various processes and technologies, which ultimately resulted in the issuance of a report with findings and recommendations. Each finding was then assigned a risk rating (high, medium, or low) ... Continue Reading

New eBook: Set Up Your FAIR Program in 7 Steps

Posted November 5, 2018 by Jeff B. Copeland

If you’re considering introducing FAIR to your organization, building a quantitative risk management program, and enabling cost-effective decision making but are unsure of how to take the next (or first) step, the new eBook from FAIR creator Jack Jones An Adoption Guide for FAIR, is an action plan in seven steps. ... Continue Reading

Join Jack Jones, Nick Sanna for NACD Forum ‘Demand More in Cyber Risk Reporting’

Posted October 24, 2018 by Jeff B. Copeland

The National Association of Corporate Directors (NACD) 2018 members survey on corporate governance found that nearly a quarter of the directors were dissatisfied with reporting on cybersecurity ... Continue Reading

Case Study Webinar: RiskLens Settles a Decision on Controls Investment

Posted October 23, 2018 by Jeff B. Copeland

Listen to this webinar on demand to hear RiskLens Consultant Taylor Chester tell the story of a recent engagement with a large financial organization that started with a basic question: How to decide between two types of controls (purging data or tokenizing records) to protect against malicious exfiltration of data? ... Continue Reading

Diary of a 4-day RiskLens Pilot

Posted October 17, 2018 by Rebecca Merritt

A RiskLens pilot is a test drive, a mini-implementation of the RiskLens platform in your environment with your data. Coming into the pilot, the main focus is to complete a risk analysis using real numbers from the company ... Continue Reading

How to Set a (Meaningful) Cyber Risk Appetite with RiskLens

Posted October 16, 2018 by Rachel Slabotsky

Establishing a well-defined risk appetite has long been a moving target in cyber risk management. The conventional red-amber-green approach to cyber risk has influenced the treatment of risk appetite and led to some common pitfalls that become obvious when RiskLens consultants apply the principles of the FAIR model. Here are some of the problem areas we see:  ... Continue Reading

Sign Up for Blog Updates

Popular Posts