RiskLens Blog

Case Study: RiskLens Clarifies Complicated Decision on Multifactor Authentication

Posted November 21, 2018 by Tim Wynkoop

I recently ran an analysis for a major bank that I think shows the power of both the FAIR Model for thinking through cybersecurity investment decisions and the power of the RiskLens CRQ platform for quickly running the numbers to support those decisions, often with surprising results.   ... Continue Reading

New eBook: Set Up Your FAIR Program in 7 Steps

Posted November 5, 2018 by Jeff B. Copeland

If you’re considering introducing FAIR to your organization, building a quantitative risk management program, and enabling cost-effective decision making but are unsure of how to take the next (or first) step, the new eBook from FAIR creator Jack Jones An Adoption Guide for FAIR, is an action plan in seven steps. ... Continue Reading

Case Study Webinar: RiskLens Settles a Decision on Controls Investment

Posted October 23, 2018 by Jeff B. Copeland

Listen to this webinar on demand to hear RiskLens Consultant Taylor Chester tell the story of a recent engagement with a large financial organization that started with a basic question: How to decide between two types of controls (purging data or tokenizing records) to protect against malicious exfiltration of data? ... Continue Reading

Wall St. Journal Says FAIR Helps Companies ‘Better Understand Cost of Cyber Threats’

Posted October 18, 2018 by Jeff B. Copeland

The Journal’s WSJ Pro Cybersecurity’s Cyber Daily newsletter took a look at Charles Schwab Corp.’s rollout of Factor Analysis of Information Risk, the FAIR model that powers the RiskLens platform – and liked what it saw. ... Continue Reading

Case Study: Reducing Web Application Attack Risk with RiskLens

Posted September 14, 2018 by Taylor Maze

Recently, I worked with a company in the media industry that was interested in a quantitative cyber risk assessment of their current risk related to a web application attack aimed at exfiltrating customer PII from an internal database. ... Continue Reading

Two Milestones for the FAIR Institute: 3,000+ Members. 30% Adoption Rate

Posted August 20, 2018 by Jeff B. Copeland

The Institute behind the FAIR model (that’s Factor Analysis of Information Risk) that RiskLens supports as a Technical Advisor recently passed two milestones that confirm the growing movement to quantitative risk analysis and FAIR, the only international standard for quantification of information security and operational risk. ... Continue Reading

Case Study: ‘High Risk’ Audit Finding Doesn't Hold Up to FAIR Analysis

Posted August 20, 2018 by Tim Wynkoop

I recently worked with a retail organization to run a FAIR analysis on an audit finding and settle a difference between the IT and Internal Audit teams.  It’s a simple story but one that shows the power of quantitative risk analysis to get beyond guesswork and gut feelings ... Continue Reading

Data Breach Case Study: How RiskLens Modeled Risk Mitigation and ROI

Posted August 16, 2018 by Rachel Slabotsky

I recently worked with a large financial services organization to analyze a data breach scenario and determine the potential risk reduction (in terms of dollars and cents) that would result from implementing tokenization on key fields within a database cluster containing PII information. ... Continue Reading

Assessing Cyber Risk in Legacy Systems with RiskLens

Posted July 10, 2018 by Taylor Maze

Here's a quick look at the power of cyber risk analytics with the FAIR model and the RiskLens application to solve an everyday business problem. A RiskLens colleague and I recently helped a risk team in the information industry quantify the risk associated with a legacy server. In the process, the organization was also able to gain some important insights into their IT environment and cybersecurity risk management in general.  ... Continue Reading

How One CISO Showed the Board His Team's Accomplishments with RiskLens

Posted February 26, 2018 by Joe Vinck

Seeking to improve board presentations One of my favorite aspects of my job is that I have the opportunity to partner with CISOs and their teams to help them continually improve in the eyes of their boards of directors, executive team, and cybersecurity/IT risk councils. ... Continue Reading

Sign Up for Blog Updates

Popular Posts