National Cyber Warfare Foundation (NCWF) Forums


The Risk Business: Second Edition


2023-10-27 21:32:10
milo
Policy / Governance


Understanding and managing cyber risk is one of business leaders' most significant security obstacles. Toward solutions, I am ecstatic to announce the second edition of The Risk Business - now available in hard, soft, e-reader, and audio formats - which documents the latest round of learnings from the past three years and hundreds of conversations with Chief Information Security Officers (CISOs) across the world in every industry vertical.

Stalwart enterprise risk management (ERM) and nascent cyber security departments speak different languages and often talk past each other. CISOs can bridge the gap between these two worlds by functioning as security-to-risk and risk-to-security expert interpreters. The words we use (in both the cyber security industry and risk industry) matter immensely.

In The Risk Business first edition, I advocated for risk quantification, attaching monetary loss figures to risk probabilities from cyber threats. While I still philosophically align with risk quantification, this second edition adds important details on qualifying risk, emphasizing executive storytelling. This emphasis on narratives is because qualification is a more realistic approach at this time for improved executive consumption and meaningful cyber risk conversations.

New content, as partially discussed in prior Substack posts, includes:

Five business risk impacts cyber events cause.

Intelligence to Risk (I2R) framework (used by Recorded Future analysts)

Second-order thinking

Operational threat intelligence matrix driving measurable security outcomes

You can read more about the book here. If you find this content helpful and prefer reading a physical book, please contact me on Twitter or LinkedIn or leave a comment here on Substack, and I will drop a copy in the mail.

Finally, I am grateful to my fabulous Recorded Future colleagues, without whom none of this content would be possible. A special thanks to Zane Pokorny, Lucas Clauser, Danny Volker, and Dylan Davis, who helped push this beautiful finished product across the finish line!



Source: RecordedFuture
Source Link: https://www.recordedfuture.com/risk-business-second-edition

