In the first part of my blog post I focused on calculating the impact of a cybersecurity breach in relation to a company’s size and industry. In part two, I present an approach to better understand how often a company will experience security breaches. The probability is usually the big unknown. Not particularly helpful is that our […]

The lingering question of application code security follows, as stories of security breaches continue to pour, and remote teams across the world adopt low code for faster application delivery. Even as Gartner predicts that 65% of applications will be built using the low-code paradigm by 2024, it is important to understand the security implications that come with […]

Risk-based vulnerability management Risk-based vulnerability management doesn’t ask “How do we fix everything?” It merely asks, “What do we actually need to fix?” A series of research reports from the Cyentia Institute have answered that question in a number of ways, finding for example, that attackers are more likely to develop exploits for some vulnerabilities […]

Guardicore unveiled new zero trust assessment capabilities in Infection Monkey, its open source breach and attack simulation tool. Available immediately, security professionals will now be able to conduct zero trust assessments of AWS environments to help identify the potential gaps in an organization’s AWS security posture that can put data at risk. Infection Monkey helps IT security teams […]

Cyber Risk Quantification (CRQ) is now viewed as a core pillar of any effective Integrated Risk Management program. This short explainer video walks you through and gives you a glimpse into your future as a top tier cyber risk management organization.  A FAIR Approach

In its 10th annual Risk Barometer, Allianz found that cyber incidents ranked third in a list of the most important global business risks for the upcoming year, coming in second behind risks stemming from the pandemic itself. We can expect cyber incidents to increase in frequency and sophistication as cyber criminals continue to leverage the […]

Prioritizing and communicating risk Last year, the number of active phishing websites increased 350% from January to March alone. Now that employees are connecting to the office from their own remote networks and not through their office’s secure network, the chance of a security breach is higher than ever. While risk managers know this already, securing […]

Luke Irwin Organisations have had to overcome countless challenges during the pandemic, but one that has continued to cause headaches is IT security for home workers. A remote workforce comes with myriad dangers, with employees relying on their home networks – and sometimes their own devices – and without the assurance of a member of […]

As Jack Jones, co-founder of RiskLens, tells the story, he started down the road to creating the FAIR™ model for cyber risk quantification because of “two questions and two lame answers.” As CISO at Nationwide insurance, he presented his pitch for cybersecurity investment and was asked: “How much risk do we have?” “How much less […]

We often are asked if FAIR™, the international standard for cyber and technology risk quantification and the basis of the RiskLens platform, is compatible with the common security and risk standards and frameworks. The answer is yes — by bringing a financial discipline to otherwise technical guidelines, FAIR and RiskLens enhance their value as business-decision […]

With the growing interest in Factor Analysis of Information Risk (FAIR™), we hear a lot from people who have read about FAIR or even taken FAIR training and are really excited about the potential power of cyber risk quantification for risk management –  but have come away with the impression that to actually bring a quantitative risk management program to life […]

IAAC Directors’ Guides Source:Succinct advice for senior management on their responsibilities towards information risk, courtesy of the IAAC.

Google says Tsunami is an extensible network scanner for detecting high-severity vulnerabilities with as little false-positives as possible. Source: Google open-sources Tsunami vulnerability scanner | ZDNet The scanner has been used internally at Google and has been made available on GitHub Google Tsunami Security Scanner – Quick install an example run InfoSec Threats, Books and Training […]

  As more people work from home due to COVID-19, cybersecurity operations are facing tremendous challenges. These five principles can help Chief Information Security Officers (CISOs) and cybersecurity leaders ensure effective business continuity in the “new normal.” Source: 5 principles for effective cybersecurity leadership in a post-COVID world 7 Security Risks and Hacking Stories for Web […]

When It Come Down To It, Cybersecurity Is All About Understanding Risk Risk Management Framework for Information Systems How to choose the right cybersecurity framework Improve Cybersecurity posture by using ISO/IEC 27032 Cybersecurity Summit 2018: David Petraeus and Lisa Monaco on America’s cybersecurity posture CSET Cyber Security Evaluation Tool – ICS/OT Subscribe to DISC InfoSec […]

Get two risk management experts in a room, one financial and the other IT, and they will NOT be able to discuss risk. Source: When It Come Down To It, Cybersecurity Is All About Understanding Risk An Overview of Risk Assessment According to ISO 27001 and ISO 27005 Enter your email address: Delivered by FeedBurner

Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy NIST 800-37r2 InfoSec Risk Assessment Compliance Framework Subscribe to DISC InfoSec blog by Email

Does your organization need NIST, CSC, ISO, or FAIR frameworks? Here’s how to start making sense of security frameworks. Source: How to choose the right cybersecurity framework

vsRisk Standalone 3.0 – Brand new vsRisk™ risk assessment software available now vsRisk is fully aligned with ISO 27001:2013 and helps you conduct an information security risk assessment quickly and easily. The upgrade includes three key changes to functionality: custom acceptance criteria, a risk assessment wizard and control set synchronization. This major release also enables users […]

FAIR Institute blog by Isaiah McGowan Read Books to Jumpstart Your Career in Risk Management What are the must have resources for people new to operational and cyber risk? This list outlines what books I would recommend to new analyst or manager. They’re not ranked by which book is best. Instead, I list them in the recommended reading […]