I’m pleased to share my latest article in the ISACA Journal, titled “From Measurement to Management: Integrating Cyberrisk Quantification into Risk Governance.” In this piece, I explore how the newly updated NIST Cybersecurity Framework 2.0, with its focus on governance, is driving critical feedback loops between cyber operations and executive decision-making.
In particular, I delve into how Cyber Risk Quantification (CRQ) can empower organizations to:
Set and manage risk appetite and tolerance
Align cybersecurity investments with business risk
Strengthen cyber resilience by leveraging financial metrics and governance strategies
If you’re interested in learning more about how quantified approaches can enhance your organization’s risk management, check it out in the latest ISACA Journal.