Making Risk Count: Winning Strategies from Global CISOs

A little over sixty years ago, Risk—arguably the elder statesman of popular strategy board games—was introduced. Much like the role of today’s security professionals, excelling at the game of Risk required just the right blend of strategic thinking, diplomacy skills, and random chance. Risk-taking decisions needed to be thought through, from both a defensive and offensive point of view, and the better you understood the probabilities, the better your chance of winning. In the beginning all your possible moves were pretty easy to figure out. But, as the game progressed and the number of pieces in play expanded, the number of possible outcomes grew exponentially, making successful choices more challenging.

This is everyday life in cybersecurity. We all know the numbers—incidents continue to rise, as does the associated impact. Since all business growth relies on some amount of risk taking, risk management is becoming a critical component of a CISO’s arsenal. However, in the game of cybersecurity, you don’t just need to anticipate and manage risk, you need to measure it. And unlike the board game, where measurement amounts to whether you win or lose, cybersecurity risk measurement has plenty of shades of gray.

How to Stay Ahead of the Game
Knowing how hard it can be to find meaningful metrics to measure the effectiveness of cybersecurity, members of the Security for Business Innovation Council (SBIC) have authored a new paper exploring modern approaches to risk management and measurement. “The CISO’s Guide to Cybersecurity Risk Management and Measurement– (Read more...)

*** This is a Security Bloggers Network syndicated blog from RSA Blog authored by Peter Beardmore. Read the original post at: http://www.rsa.com/en-us/blog/2018-09/making-risk-count-winning-strategies-from-global-cisos.html