risk assessment

Defining Your Cyber Risk Appetite

When a senior executive tells the board he or she wants to discuss the company’s risk appetite, usually the board’s interest is piqued. After all, understanding an organization’s risk appetite is critical to the decisions the board makes. So why should defining a company’s cyber risk appetite be so difficult? A CISO’s role is to…

Fraud Insights Through Integration

Another great conference at the Moscone Center in San Francisco. On the heels of RSA Conference, it’s fair to ask: When was the last time you counted the number of anti-fraud tools you are using to protect your consumer-facing environment? Now, when was the last time you thought about the connective tissue tying data sources…

Looking Behind to Move Forward

In my recent travels around the world, I’ve met with government officials and key critical infrastructure decision-makers. Defining the steps to create a more effective and secure environment is almost always Topic A on their list. This is important to the end users – information, operations, services, responsibilities of many kinds, etc. As it almost…

A closer look at the PSD2 and Risk-Based Authentication

The 8th of October 2015 is the day that Europe took a major step towards adopting more secure online banking – the European Parliament formally adopted the revised Directive on Payment Services, otherwise known as the PSD2. Whilst this is of particular importance to National Banks, Banks, Card Issuers/Acquirers/Merchants and Payment Service Providers in the…

Managing Distributed Risk: A Strategy for Minimizing Risk from Third-party Engagement

If you’re like most IT professionals, you’ve noticed that your roster of third-party providers continues to grow. Whether you’re using software as a service (SaaS) applications (as virtually every organization does), offshore developers, cloud services like infrastructure as a service (IaaS) or platform as a service (PaaS), or document share solutions, you probably have a…

Hastily Defined Networks and Planning for Disaster

I gave the closing presentation recently at the Judgement Day 8 cybersecurity conference in Bratislava, Slovakia. It was an interesting forum, with presentations earlier in the day by folks from F-Secure, Checkpoint, IBM, McAfee, HP and Cisco. Of these, the presentation by Michal Remper (Cisco) was particularly interesting, a discussion of the “Hastily Defined Networks”…