How to CISO

Tag: tprm

  • Preview: How to CISO Volume 2: Risk Measurement

    Preview: How to CISO Volume 2: Risk Measurement

    by

    Andy Ellis
    in

    As a CISO, you’re often going to be asked to measure risk. This has a lot of different meanings, depending on who is speaking, so you’re going to have to listen carefully to the speaker to understand what they’re actually asking for. It’s possible that you’re being asked to provide a quantitative answer to the…

  • Why assessing third parties for security risk is still an unsolved problem

    Why assessing third parties for security risk is still an unsolved problem

    by

    Andy Ellis
    in

    A recent ranking of the most cyber-secure companies reveals weaknesses in current third-party risk management practices. A Forbes article is making the rounds right now about America’s most cyber-secure companies, and I can already see the cybersecurity outrage machine up in arms. Full confession: I haven’t yet read the article, but I’m about to. I’m writing this…