In this episode, I discuss how to leverage your risk framework to make sound cybersecurity investment decisions. I address two critical questions that you will need to be able to answer: first, how can you tell your program is doing the right thing? And second, how can you tell you are protecting the organization in a financially healthy way?
Executive Cyber Education
In today’s episode, I discuss what questions you as a cybersecurity SME should be asking to drive results. Identifying revenue-generating systems is part of the journey, and one of the many challenges you will face might be in your own department. Here I discuss a few of them and how to approach them. I created an infographic to assist you in this process: https://executive-cyber-education.mykajabi.com/identification-analysis
In today’s episode, I will discuss a strategy to identify critical systems in your organization. The steps I will discuss today will make sure your program is objective and repeatable.
The eBook mentioned in this podcast can be downloaded here:
In today’s episode, we will discuss how to identify KRIs (key risk indicators). I’ll discuss a simple and effective way to do it; there seems to be a lot of confusion about what to measure, and for a long time subject matter experts have believed we can’t measure cybersecurity.
In today’s episode, we will discuss “tail risk” and the impact it may have on organizations when it’s realized. Given our current environment, it seems entirely appropriate for us to have this meaningful discussion.
In today’s episode, we will discuss the popular risk formula, “Risk = Threat x Vulnerability x Consequence/Impact,” and its limitations in providing accurate information for a cybersecurity investment or tactical decision. I will be leveraging the “Risk Analysis and Management for Critical Asset Protection” (RAMCAP) framework, which was also used by the Department of Homeland Security.