Cyber Risk Quantification: Metrics and Business Objectives
Risk management is the new foundation for an information security program. Risk management, coupled with necessary compliance activities to support ongoing business operations, centers upon identifying and working to mitigate risks associated with a given organization. ...
Taming the Vast Sea of Data: Commentary on CISA’s Strategy for 2021
Executives are very good at making decisions based upon risk, but cyber risk is still not clearly communicated in basic terms. This is a legacy issue in cyber, and much of what we build at CyberSaint seeks to address this problem. Evaluating outcomes is a complex, data-driven process, and we ...
Integrating GRC: Risk, Quantifiable Metrics, and Aligning with Business Objectives
In our Integrating Governance Risk and Compliance series, CyberSaint leadership explores the process through which cybersecurity leaders can reconfigure their organizations to support the new paradigm of information security as a business function ...
What The NIST Privacy Framework Draft Means For Privacy and Cybersecurity
On Wednesday, May 1, the National Institute of Standards and Technology (NIST) released its latest draft version of the much-anticipated NIST Privacy Framework. Following the same model as the NIST Cybersecurity Framework (CSF), NIST has been actively workshopping the framework with specialists in both the public and private sectors ...