Apex Threat Agents, More HITRUST, Quant/Qual Showdown, and Iran

Time for another roundup! Below are some works I’ve recently done on Apex Threat Agents, HITRUST, my time at the Gartner Summit, and some thoughts on Iranian attacks.

How to Model Risk in an Apex Predator Cyber-World

Enhancing HITRUST Risk Assessments with Cyber Risk Quantification (CRQ)

Gartner 2019 Debate: Quantitative vs. Qualitative Cyber Risk Analysis

Podcast: Jack Freund on How to Prepare for an Iranian Cybersecurity Threat

 

ISSA Journal – The Future of ITRM will be Quantified

The December issue of the ISSA Journal was released and my article on the Future of IT Risk is on the cover. The┬átheme for this month’s Journal is “The Next 10 Years” and I wanted to highlight where I saw the industry going. I begin with a look back on the progress away from ordinal scale, verbal risk labels and project out on where things will go. I cover regulatory, insurance, and customer pressures to quantify as well as outline a path forward where risk quantification can be used as a competitive advantage.

Check it out in your mailbox or read it online now.