What kind of results are you seeing from CRQ (cyber risk quantification) so far?

Security & GRC Security Strategy & Roadmap

1.4k views8 Comments

Sort by:

Director in Manufacturing3 years ago

CRQ has helped be more objective and share metrics with leaders in IT and the Business to clarify what the company is facing as the threat landscape evolves. Top business leaders generally prefer when there is a clear methodology and process to ranking and prioritizing and this has helped communicate the risks we face. It also helps deciding where to spend limited dollars and labor hours.

Senior Manager in Consumer Goods3 years ago

From the CRQ process we are assessing the potential financial impact of an individual cyber threat to our business, evaluate operational risk, efforts to reduce risk, risk exposure, and risk mitigation.
If we find out that a specific risk exposure is still high, we re-direct our investments to the relevant cyber control. This way, our cyber risk mitigation efforts become more proactive and productive.

CISO in Software3 years ago

It helps to drive easier cross organizational decisions without agenda debates and opinions.

Director of IT in Software3 years ago

Helps you represent the cyber risk with clear business terms i.e easier to explain to the board of directors or executives how the cyber risk (can/will) affects the revenue and profit.

Senior Vice President, Engineering in Software3 years ago

It allowed us to better understand and quantify the financial impact of cyber threats, make data-driven decisions, and prioritize our cybersecurity investments based on their most significant risks.

Content you might like

What is your top security priority this quarter?

Password management/Authentication11%

Endpoint management38%

Identity management30%

Internal threat detection11%

Firewalls3%

Data encryption2%

Other1%

View Results

What are the best practices for securing the MFA registration phase when moving from SMS to phishing-resistant methods like passkeys (FIDO2) or TOTP-based authenticator apps? Specifically, how can we mitigate risks in device enrollment and key provisioning without phone numbers? What innovations are your organizations implementing or have implemented to bolster this process? - I don't see this as a competitive advantage but all of us good guys against the bad.

Our organization is subject to data retention requirements over very long periods (50 years or more). Do your organizations face similar constraints? If so, what long-term retention strategy have you implemented for these regulated data, and what technologies or solutions do you use to ensure their durability and compliance?

What’s your top barrier to adopting AI-driven pentesting?

Lack of mature vendor solutions51%

Trust in AI accuracy65%

Budget constraints19%

Skills to operate the tools26%

View Results

As a new-to-role CISO, I am wondering how do you make RACI look better than it looks `on-paper` in your company? What I am specifically looking for is, ways of fostering real collaboration and reaching to consensus between oldies and newcomers in their roles.

What kind of results are you seeing from CRQ (cyber risk quantification) so far?

Sort by:

Content you might like

What is your top security priority this quarter?

What’s your top barrier to adopting AI-driven pentesting?

As a new-to-role CISO, I am wondering how do you make RACI look better than it looks `on-paper` in your company? What I am specifically looking for is, ways of fostering real collaboration and reaching to consensus between oldies and newcomers in their roles.

What sets us apart?

RELATED ONE-MINUTE INSIGHTS

How are U.S. CISOs Addressing Liability Risk?

CrowdStrike Outage: Impact And Recovery

Impact & Perceptions of A Privacy-First Digital Era

Challenges & Tools For A Privacy-First Internet Age

IT and Infosec Collaboration on Vulnerability Patching

Take Your Insights On-the-Go