Chasing Perfection

Pursuing perfection takes a lot of resources, both financial and human. In cybersecurity risk management, there are two key questions: 

  • When will enough be enough? 
  • How much time and effort should your organization spend to achieve a reasonable level of cybersecurity against an attacker?

The answers to these questions define your risk tolerance. Chasing perfection is costly and may not get you where you want to be. It also risks missing the big picture, leaving security gaps in other areas of your organization, and burning out your staff.

A holistic, mission-driven approach to cybersecurity, with reasonable and measurable goals, will help secure your organization. To get started, keep three questions in mind:

  1. What are your organization’s cybersecurity risks?
  2. How are you managing the organization’s cybersecurity risks?
  3. How are you measuring your cybersecurity risk reduction?


5 Rules for Cybersecurity Risk Metrics

Rules for Effective Cybersecurity Metrics

First, you must establish agreement among your leadership on the actual risk(s) to measure, then select the data that will provide the most accurate representation of each risk.

The following are 5 fundamental rules for measuring cybersecurity risk:

  1. Select informative measures with actionable value to leadership
  2. Research what other subject matter experts have done and what has worked
  3. Keep the math simple and clear
  4. Develop a standard reporting format and reporting governance
  5. Be consistent, and allow your measures and metrics to mature over time

Bonus rule: Gain buy-in from your stakeholders.



Author: Dr. Bill Souza | Jul 14, 2022 

