Archive for the ‘Security Risk Assessment’ Category

How to read a SOC 2 Report

The following conversation about reviewing a SOC 2 report is one to avoid.  Potential Customer: â€śHi Vendor Co., do you have a SOC 2?” Vendor Co. Sales Rep: â€śYes!” Potential Customer: â€śGreat! We can’t wait to start using your service.”  The output of a SOC 2 audit isn’t just a stamp of approval (or disapproval). Even companies that […]

Leave a Comment

Integrating Cybersecurity and Enterprise Risk Management (ERM)

Source: https:// /10.6028/NIST.IR.8286-draft2 ISO 31000: 2018 Enterprise Risk Management (CERM Academy Series on Enterprise Risk Management)

Leave a Comment

What Is Information Risk Management? Definition & Explanation

Information risk management is the process of identifying the ways an organisation can be affected by a disruptive incident and how it can limit the damage. It encompasses any scenario in which the confidentiality, integrity and availability of data is compromised. As such, it’s not just cyber attacks that you should be worried about. Information […]

Leave a Comment


VULNERABILITY ASSESSMENT AND MITIGATION Download Log4Shell report – VULNERABILITY ASSESSMENT AND MITIGATION How the role of open-source maintainers could be professionalized, as the maintainer who fixed the log4j zero-day says he works on the project in his spare time — Open Source software runs the Internet, and by extension the economy. This is an undisputed […]

Comments (1)

Governance, Risk Management and Compliance for InfoSec

Manage all your compliance documentation in one place | Access, customize and collaborate whenever, wherever and however you need | Shop toolkits 

Leave a Comment

An Adoption Guide for FAIR

Jack draws on years of experience introducing quantified risk analysis to organizations like yours, to write An Adoption Guide For FAIR. In this free eBook, he’ll show you how to: Lay the foundation for a change in thinking about risk Plan an adoption program that suits your organization’s style. Identify stakeholders and key allies for socialization of FAIR Select and achieve […]

Leave a Comment

CISA releases Insider Risk Mitigation Self-Assessment Tool

The US CISA has released a new tool that allows to assess the level of exposure of organizations to insider threats and devise their own defense plans against such risks. The US Cybersecurity and Infrastructure Security Agency (CISA) has released the Insider Risk Mitigation Self-Assessment Tool, a new tool that allows organizations to assess their level […]

Leave a Comment

Calculating Your Company’s Total Cybersecurity Risk Exposure

In the first part of my blog post I focused on calculating the impact of a cybersecurity breach in relation to a company’s size and industry. In part two, I present an approach to better understand how often a company will experience security breaches. The probability is usually the big unknown. Not particularly helpful is that our […]

Leave a Comment

A leadership guide for mitigating security risks with low code platforms

The lingering question of application code security follows, as stories of security breaches continue to pour, and remote teams across the world adopt low code for faster application delivery. Even as Gartner predicts that 65% of applications will be built using the low-code paradigm by 2024, it is important to understand the security implications that come with […]

Leave a Comment

Risk-based vulnerability management has produced demonstrable results

Risk-based vulnerability management Risk-based vulnerability management doesn’t ask “How do we fix everything?” It merely asks, “What do we actually need to fix?” A series of research reports from the Cyentia Institute have answered that question in a number of ways, finding for example, that attackers are more likely to develop exploits for some vulnerabilities […]

Leave a Comment

Infection Monkey: Open source tool allows zero trust assessment of AWS environments

Guardicore unveiled new zero trust assessment capabilities in Infection Monkey, its open source breach and attack simulation tool. Available immediately, security professionals will now be able to conduct zero trust assessments of AWS environments to help identify the potential gaps in an organization’s AWS security posture that can put data at risk. Infection Monkey helps IT security teams […]

Leave a Comment

Understanding Cyber Risk Quantification – A Four Minute Journey Into Your Future

Cyber Risk Quantification (CRQ) is now viewed as a core pillar of any effective Integrated Risk Management program. This short explainer video walks you through and gives you a glimpse into your future as a top tier cyber risk management organization.  A FAIR Approach

Leave a Comment

Why is financial cyber risk quantification important?

In its 10th annual Risk Barometer, Allianz found that cyber incidents ranked third in a list of the most important global business risks for the upcoming year, coming in second behind risks stemming from the pandemic itself. We can expect cyber incidents to increase in frequency and sophistication as cyber criminals continue to leverage the […]

Leave a Comment

Risk management in the digital world: How different is it?

Prioritizing and communicating risk Last year, the number of active phishing websites increased 350% from January to March alone. Now that employees are connecting to the office from their own remote networks and not through their office’s secure network, the chance of a security breach is higher than ever. While risk managers know this already, securing […]

Leave a Comment

The cyber security risks of working from home

Luke Irwin Organisations have had to overcome countless challenges during the pandemic, but one that has continued to cause headaches is IT security for home workers. A remote workforce comes with myriad dangers, with employees relying on their home networks – and sometimes their own devices – and without the assurance of a member of […]

Leave a Comment

Boards: 5 Things about Cyber Risk Your CISO Isn’t Telling You

As Jack Jones, co-founder of RiskLens, tells the story, he started down the road to creating the FAIR™ model for cyber risk quantification because of “two questions and two lame answers.” As CISO at Nationwide insurance, he presented his pitch for cybersecurity investment and was asked: “How much risk do we have?” “How much less […]

Leave a Comment

How FAIR & ISO 27001 Work Together

We often are asked if FAIR™, the international standard for cyber and technology risk quantification and the basis of the RiskLens platform, is compatible with the common security and risk standards and frameworks. The answer is yes — by bringing a financial discipline to otherwise technical guidelines, FAIR and RiskLens enhance their value as business-decision […]

Comments (2)

Proven Use Cases to Start Quantitative Cyber Risk Management

With the growing interest in Factor Analysis of Information Risk (FAIR™), we hear a lot from people who have read about FAIR or even taken FAIR training and are really excited about the potential power of cyber risk quantification for risk management –  but have come away with the impression that to actually bring a quantitative risk management program to life […]

Leave a Comment

Advice for senior management on their responsibilities towards information risk

IAAC Directors’ Guides Source:Succinct advice for senior management on their responsibilities towards information risk, courtesy of the IAAC.

Leave a Comment

Google open-sources Tsunami vulnerability scanner

Google says Tsunami is an extensible network scanner for detecting high-severity vulnerabilities with as little false-positives as possible. Source: Google open-sources Tsunami vulnerability scanner | ZDNet The scanner has been used internally at Google and has been made available on GitHub Google Tsunami Security Scanner – Quick install an example run InfoSec Threats, Books and Training […]

Leave a Comment