Limited Visibility Keeps Us From Assessing Our True Risk

Originally published as a Tanium Blog: May 20 2019. It’s a question I hear daily when I meet with CISOs and CIOs from some of the world’s best-known organisations across finance, retail, aerospace, media, telecom, consulting and many other industries. Wherever our conversation takes us, the underlying issue is one of confidence. Is the data …


The Why and How of Talking Tech with the Board: 3 Strategies to Help Them “Get” Cybersecurity

Nobody wants their enterprise to be the victim of the next big data breach. For chief information security officers (CISOs) and others who eat, breathe and sleep technology, the solutions seem obvious; there are, after all, not many times, waking or sleeping, that we’re not thinking cybersecurity best practices. But there’s a hidden danger to …


How to engage with the C-Suite on cyber risk management, part 4

Creating metrics to indicate risk. In part 3 of our metrics series, we discussed how KRIs help identify risks while KPIs help us measure them. In this, our final article in the series, we’ll build on this knowledge to create metrics based on our four-stage model for qualifying risks and threats that we introduced in part 2. …


How to engage with the C-suite on cyber risk management, part 3

Understanding KPIs and KRIs. In the first and second parts of our series on engaging with boards on cyber risk management, we explained what today’s boards needed to know about security. In this article, we’ll deep dive into some of the metrics associated with our four-step methodology for qualifying threats and prioritising risk (see details in part 2). The ultimate …


How to engage with the C-suite on cyber risk management, part 2

In Part 1 of this series on delivering meaningful metrics to boards, I talked about the need to discuss security risks in ways that relate to board concerns. Many CISOs are reporting the wrong metrics to boards — for example, a malware platform supposedly finding 333 million malware alerts or 234,333 wrong password entries. Without context …


How to engage with the C-Suite on cyber risk management

Enron changed the world of finance and the energy industry forever, and the early days of the Equifax hack look as though this breach could change the face of the credit industry and cybersecurity forever. That a single company could amass so much financial information on an individual and be as poorly defended as it …
