Cyber Risk Analytics is Flashpoint's data breach research team that since 2013 has analyzed incidents and trends. Inga Goddijn, who heads that team, opens up on ransomware, Russia's invasion of Ukraine and why so much of successful defense still comes back to getting the basics right.
Executives are required to make “data-driven” decisions; Metrics, Objectives & Key Results (OKRs), Key Performance Indicators (KPIs) – however you define being data-driven – to measure security program effectiveness, and frame their conversations to the board, partners, and company at large.
Marco Túlio Moraes of OITI, who is a CyberEdBoard executive member, confronts the metaphor of the cyberthreat as a bear in the forest and discusses how an organization must actively assess its environment, understand what its main risks are, and define a strategy to deal with them.
To answer questions about the state of their cybersecurity posture, CISOs need to have a rigorous process to measure and analyze cyber risk. Furthermore, understanding and quantifying risk levels is key to developing a bulletproof cybersecurity strategy.
In this eBook, we cover:
Why cyber risks arise and how to...
As a security leader, you know that the way to align your vulnerability management program to support the business is to mitigate the vulnerabilities that have the biggest business impact. But that’s easier said than done. How do you discover and rate each vulnerability? How do you remediate them without disrupting...
Security leaders are leveraging blockchain's decentralized approach to establish user identity, as it is designed to ensure the correction of transaction through reliable sources that help to contain fraudulent transactions, says Edmund Situmorang, CTO at Prodigi, Sinar Mas Group.
In the wake of the great digital transformation, cybersecurity is more
important than ever and it's certainly drawing the board's attention.
But how does a security leader keep that attention and also
win over other key stakeholders in the enterprise all while ensuring that cyber maturity and quantifying risk is...
Deriving Value From ISACA’s CMMI Cybermaturity Platform
By baselining cyber maturity, one can create an organization’s risk profile
– and that is the key to being able to build a road map for prioritizing
and addressing business risk. ISACA’s Brian Fletcher shares insights on
establishing the maturity...
Sri Lanka-based Sujit Christy, group CISO at John Keells Holdings PLC, says his passion is empowering security practitioners with the right skills and knowledge and ensuring they speak the right language. He discusses cybersecurity adoption and enablement.
Globalised supply chains and accelerated digitalisation has introduced more interconnected business environments, with a greater dependency by participants on third parties to operate critical processes and deliver goods and services to their customers.
The prevalence of such tightly knit service providers into an...
Building an effective vulnerability management program requires assessing your inventory to identify the critical, vulnerable, external- and internal-facing applications and applying internal controls to secure them, says John Sandiford, principal security architect at Verizon.
In an excerpt from his book "CRISC Certified in Risk and Information Systems Control All-In-One Exam Guide," Peter Gregory discusses choosing the fifth option in risk management, which is ignoring the risk. He warns of the problems that choice can cause.
Let’s face it, spreadsheets were designed to solve equations, not manage business strategy.
While the idea of transitioning from traditional spreadsheets to a dedicated automation platform might seem daunting, the benefits are certainly worth it.
Download this eBook to learn how to:
Take advantage of no-code...
By baselining cyber maturity, one can create an organization's risk profile - and that is the key to being able to build a road map for prioritizing and addressing business risk. ISACA's Brian Fletcher shares insights on establishing the maturity goals for one's unique organization.