Critical Capabilities of Cyber Risk Assessment Tools

As Boards and CEOs take a greater interest in the security posture of their enterprise, CISOs and information security teams are faced with translating their cyber risks into business terms. Using cyber risk assessment tools is useful but only half the battle - to effectively communicate the cyber ...

Integrating Governance, Risk, and Compliance

When Gartner released the Magic Quadrant for integrated risk management (IRM) in 2018 rather than for governance, risk, and compliance (GRC), members of the information security community were shaken as well as relieved. As we’ve covered before, Gartner marked the rise of integrated risk management as a result of increased ...

An Integrated Risk Management Approach Needs (And Goes Beyond) IRM Tools

As cybersecurity is elevated to a Board- and CEO-level issue, the role it plays in overall enterprise risk management is becoming more apparent. With that comes a need for an integrated risk management approach for information security teams - changing the way organizations manage cybersecurity and cyber risk. In ...

Using NIST 800-30 To Implement The NIST Cybersecurity Framework

The National Institute of Standards and Technology’s Risk Management Framework (RMF) is a foundational aspect of managing cybersecurity risk. When coupled with the NIST Cybersecurity Framework (CSF), the NIST RMF is a powerful tool for organizations regardless of size. The RMF is a process-based framework practically applied using multiple more ...

NIST Cybersecurity Framework Tool Critical Capabilities to Look Out For

For almost all organizations, large and small, the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) represents the gold standard for managing cybersecurity risk. Initially developed to secure the energy and utilities sector through an executive order under President Obama, the NIST CSF has been found to be ...

The NIST Privacy Framework Is More Needed Than Ever

In recent weeks, the National Institute of Standards and Technology released their latest draft of the new privacy framework. The forthcoming privacy framework will join NIST’s wildly popular Cybersecurity Framework (CSF) as well as Risk Management Framework (RMF), and can’t come a minute too soon. Data privacy and protection has ...

Finally – A Clear Starting Place For NIST CSF Adoption

Two of the National Institute of Standards and Technology’s most popular frameworks, the NIST Cybersecurity Framework and NIST Special Publication 800-53, are some of the most comprehensive cybersecurity frameworks available. Whether leading a cybersecurity team of one or hundreds, CISOs and security leaders consistently turn to the CSF and 800-53 ...

Midwest Leads Country In Cybersecurity Standardization

As predicted, 2019 has seen the expansion of more state-specific legislation relating to cybersecurity and data protection. What started with Ohio’s safe harbor law has rapidly spread to more states, especially in the Midwest. Some industries are moving faster than others - what we’ve seen in New York with 23 ...

Map Your Cyber Risks To Business Outcomes With KRIs

The greatest challenge for a technically minded leader like a CISO is to map the cyber risks that they know face the enterprise to business outcomes in a way that business-side leaders can understand. Dating back to the origin of the position, CISOs have been charged ...

Contextualize Quantified Cyber Risk With A Risk Appetite Statement

Now more than ever, CISOs are being tasked with delivering hard metrics around an enterprise’s technology and digital risk. While this is nothing new for seasoned IT professionals, the challenge here lies in providing these metrics in a way that is applicable and meaningful to the rest of the C-suite, ...