A new article in SC Magazine, “Cybersecurity: Poised for a giant leap forward,” covers what it calls “transformational change” in security – and cites the cyber risk quantification movement among the major drivers.
Author Teri Robinson writes that infosec leaders have for too long loaded up on products, resulting in “increasingly complex security architecture” and now are looking for “a much-needed simplicity.” Another push factor: Cybersecurity has a “growing place on the board’s agenda” now that “cyber threat is actually a threat to the business.”
As a result, “enlightened organizations have now moved to a risk-based approach to managing cyber risk,” the article quotes Steve Durbin, managing director at the Information Security Forum, as saying. That shift raises demand for quantification of information risk to demonstrate actual risk reduction from controls, rather than relying on “the traditional maturity assessment or benchmarking against standards.”
The RiskLens team saw that movement in action at the recent RSA Conference 2020, where conference organizers invited RiskLens Chief Risk Scientist Jack Jones and Risk Science Director Jack Freund to conduct two half-day seminars on Factor Analysis of Information Risk (FAIR™), the international standard for quantifying cyber risk in financial terms. The seminars were attended by an audience of 700. Read our blog post, “At RSA Conference 2020, Demand for Risk Quantification and FAIR™ Everywhere.”
The RiskLens Platform applies the FAIR model to cyber risk quantification – and the RiskLens-FAIR Enterprise Model™ (RF-EM™), a suite of SaaS solutions and services, supports a risk management process in line with standards such as NIST 800 and COSO ERM. Contact us to learn more.