Posted January 18, 2019 by Taylor Maze
Sometimes, the hardest part of risk management is identifying the areas of weakness within your environment. I would argue, however, that more often than not, the more difficult undertaking is deciding how to address said weaknesses.
Posted January 17, 2019 by Brock Krawczun
We recently conducted an engagement with a bank analyzing the risk associated with wire fraud. The outcome surprised some of the team who went through the process. One of the biggest overall findings was that the loss exposure was significantly less than expected
Posted November 21, 2018 by Tim Wynkoop
I recently ran an analysis for a major bank that I think shows the power of both the FAIR Model for thinking through cybersecurity investment decisions and the power of the RiskLens CRQ platform for quickly running the numbers to support those decisions, often with surprising results.
Posted November 5, 2018 by Jeff B. Copeland
If you’re considering introducing FAIR to your organization, building a quantitative risk management program, and enabling cost-effective decision making but are unsure of how to take the next (or first) step, the new eBook from FAIR creator Jack Jones, An Adoption Guide for FAIR, is an action plan in seven steps.
Posted October 23, 2018 by Jeff B. Copeland
Listen to this webinar on demand to hear RiskLens Consultant Taylor Chester tell the story of a recent engagement with a large financial organization that started with a basic question: How to decide between two types of controls (purging data or tokenizing records) to protect against malicious exfiltration of data?
Posted October 18, 2018 by Jeff B. Copeland
The Journal’s WSJ Pro Cybersecurity’s Cyber Daily newsletter took a look at Charles Schwab Corp.’s rollout of Factor Analysis of Information Risk, the FAIR model that powers the RiskLens platform – and liked what it saw.
Posted September 14, 2018 by Taylor Maze
Recently, I worked with a company in the media industry that was interested in a quantitative cyber risk assessment of their current risk related to a web application attack aimed at exfiltrating customer PII from an internal database.
Posted August 20, 2018 by Jeff B. Copeland
The Institute behind the FAIR model (that’s Factor Analysis of Information Risk) that RiskLens supports as a Technical Advisor recently passed two milestones that confirm the growing movement to quantitative risk analysis and FAIR, the only international standard for quantification of information security and operational risk.
Posted August 20, 2018 by Tim Wynkoop
I recently worked with a retail organization to run a FAIR analysis on an audit finding and settle a difference between the IT and Internal Audit teams. It’s a simple story but one that shows the power of quantitative risk analysis to get beyond guesswork and gut feelings
Posted August 16, 2018 by Rachel Slabotsky
I recently worked with a large financial services organization to analyze a data breach scenario and determine the potential risk reduction (in terms of dollars and cents) that would result from implementing tokenization on key fields within a database cluster containing PII information.