Are you using tools for cyber risk quantification? What are they?

Security Strategy & RoadmapGovernance, Risk & Compliance
3.7k viewscircle icon1 Upvotecircle icon30 Comments
Sort by:
CISO10 months ago

EPSS
CISA KEV
EXF

Director of IT2 years ago

Have you considered Cyber Quant?

Executive Director, Enterprise Infrastructure & Cybersecurity in Finance (non-banking)3 years ago

CPI and CAAT

Director of IT in Software3 years ago

Yes. RiskLens

Global CIO in Consumer Goods3 years ago

Yes, we use OneTrust GRC.

Content you might like

How are you currently managing SIEM costs? Have you found effective ways to actually reduce storage costs for your SIEM?

Read More Comments

Is footprinting an effective way to do vulnerability management?

Very effective1%

Somewhat effective52%

Slightly effective31%

Slightly ineffective8%

Somewhat ineffective3%

Not at all effective

Not sure yet1%

View Results

As part of our NYSE IPO prep, we’re debating how to communicate our system hardening efforts in regulatory disclosures (e.g., SEC Form 20-F, SFC).

Would you recommend sharing % compliance (e.g., “85% CIS Tier 2”) or sticking to qualitative descriptions of how we identify and mitigate risks? Also, do SFC/ISO 27001 expectations require full ISMS integration, or is a % model acceptable?

What would you say is the key component of your Security Awareness Program?

Video Training17%

Phishing Simulations63%

Infographics12%

Gaming5%

Other (please share below)

View Results

I'm looking to go for the Certified CISO certification & training as I'm an aspiring CISO. Any recommendations and additional certifications that I should be doing along with that? I already have CISSP. 

Read More Comments