CIS-Risk Assessment Method

Cybersecurity risk analysis is an essential process for protecting organizations from cybercriminals. If done correctly, the organization has considered how well prepared it is for the most (and least) foreseeable events. CIS RAM (Center for Internet Security Risk Assessment Method) is an information security risk assessment method that helps organizations implement and assess their security posture against the […]

Framework
RiskMgmt

Risk Management

Risk analysis means understanding the current state of risk and making an informed decision as to which elements require further investigation. Ideally, an organization would want zero risk, but that would require an unlimited amount of time and money. In practice, organizations should prioritize strategies for mitigating risk to an acceptable level. A pragmatic

Framework, Technologies, Tutorial

Risk Analysis – Part 3

Qualitative risk analysis does not focus on producing detailed numbers directly related to actual monetary figures. Qualitative analysis is not as focused on precise money calculations, making it considerably easier to calculate. However, many businesses prefer the quantitative analysis’s focus on money, as it is far easier to plug those numbers into budgets and projections. A

Basic

Risk Analysis – Part 2

Risk is calculated for threat/vulnerability pairs. It appears simplistic and straightforward. However, calculating values can be challenging. There are important factors that inform the definition that are omitted in this simplistic definition, as we will see. Likelihood: Likelihood can be an additional input into the Risk equation outside of threat and vulnerability. Likelihood assessments attempt to

Basic

CIS Controls

The Center for Internet Security (CIS), established in 2000, is a non-profit organization that develops configurable policy standards that enable organizations to improve security and compliance programs and postures. CIS Controls™ and its CIS Benchmarks™ are global standards and accepted best practices for securing IT systems and data against the most common attacks. These proven guidelines

Framework