RiskLens Blog

Survey: Tell Us How the RiskLens Blog Could Best Meet Your Needs

Posted February 21, 2019 by Jeff B. Copeland

Please take two minutes for a short survey on the topics you'd like to see covered by the RiskLens blog that would most help you advance your knowledge and skills ... Continue Reading

How to Conduct a Security Exception Review Using FAIR

Posted February 20, 2019 by Taylor Maze

As the saying goes, there’s an exception to every rule. Security policies are no exception (though they are a rule…). ... Continue Reading

3 Key Competencies for a Successful IT Risk Program

Posted February 19, 2019 by Jeff B. Copeland

The FAIR model (the engine powering the RiskLens cyber risk quantification platform) is a disciplined approach to cyber risk analysis that eliminates the guesswork – and the red-yellow-green color coding – from risk reporting and sets up IT risk analysts to deliver the kind of financially based analyses that the rest of the business wants to see. ... Continue Reading

4 Steps to Measure Controls' Effectiveness with Cyber Risk Quantification

Posted February 14, 2019 by Cary Wise

I sometimes run into risk quantification fans who are sold on the process but just don't know how to get started. But conceptually, with the FAIR model, quantitative risk analysis has a simple and logical flow ... Continue Reading

RiskLens CEO in ‘Security Week’ on How CISOs Can Demonstrate Business Value

Posted January 29, 2019 by Jeff B. Copeland

If you’re a CISO who sees your role as “keep the business secure” – you’re only partly right, RiskLens CEO Nick Sanna argues in an article just published by Security Week. ... Continue Reading

New Report Makes Strong Case for Risk-Based Approach to Cybersecurity by Boards

Posted January 11, 2019 by Jeff B. Copeland

The Advanced Cyber Security Center is just out with a study on Leveraging Board Governance for Cybersecurity that makes a strong case, and lays out some specific recommendations, for boards to demand cyber risk analytics—not operational checklists—as a basis for board oversight on cybersecurity. ... Continue Reading

How IT Auditors Evaluate the Effectiveness of Controls with Risk Quantification

Posted December 20, 2018 by Rachel Slabotsky

In a previous blog post, I discussed the benefit that auditors discover leveraging the FAIR quantitative analysis model to evaluate the risk associated with IT audit findings. Here, I’d like to spend time discussing another advantage for IT auditors from FAIR: the ability to analyze the effectiveness of controls ... Continue Reading

Risk Analysis or Risk Assessment? Know the Difference

Posted December 5, 2018 by Rebecca Merritt

One thing we learn from Factor Analysis of Information Risk (that’s the FAIR model that powers the RiskLens cyber risk analytics platform) is to take a disciplined approach to our thinking and language about risk. ... Continue Reading

Do I Need to Be a Math Nerd to Perform FAIR Analysis? Part 2

Posted November 9, 2018 by David Musselwhite

Welcome back to our discussion of the math knowledge required to perform FAIR analyses with the RiskLens platform (spoiler alert: not much). ... Continue Reading

Habit for Highly Effective CISOs: Begin with the End in Mind

Posted October 31, 2018 by Leanne Scott

At RiskLens, we study and try to exemplify the principles in The 7 Habits of Highly Effective People by Stephen R. Covey, especially Habit 2: Begin with the End in Mind. ... Continue Reading
