Are you using tools for cyber risk quantification? What are they?

Risk ManagementSecurity Strategy & Roadmap
3.7k viewscircle icon1 Upvotecircle icon30 Comments
Sort by:
CISO9 months ago

EPSS
CISA KEV
EXF

Director of IT2 years ago

Have you considered Cyber Quant?

Executive Director, Enterprise Infrastructure & Cybersecurity in Finance (non-banking)3 years ago

CPI and CAAT

Director of IT in Software3 years ago

Yes. RiskLens

Global CIO in Consumer Goods3 years ago

Yes, we use OneTrust GRC.

Content you might like

Does your org encourage employees to opt out of data sharing with their personal mobile provider?

Yes47%

Only for employees using personal devices for work37%

No12%

Don't know / show results2%

View Results

Do you know what "Service Identities" are?

Yes, I am very familiar with the term and I know what service identities are.49%

Not really, I am familiar with the term but I am confused about what it means.37%

Not at all, I never heard of it before.13%

View Results

I'm looking to go for the Certified CISO certification & training as I'm an aspiring CISO. Any recommendations and additional certifications that I should be doing along with that? I already have CISSP. 

Read More Comments

AI deepfakes have cost the industry over $200M this year. As CISOs, can we scale detection fast enough, or is regulatory pressure the only way to drive adoption?

Read More Comments

As part of our NYSE IPO prep, we’re debating how to communicate our system hardening efforts in regulatory disclosures (e.g., SEC Form 20-F, SFC).

Would you recommend sharing % compliance (e.g., “85% CIS Tier 2”) or sticking to qualitative descriptions of how we identify and mitigate risks? Also, do SFC/ISO 27001 expectations require full ISMS integration, or is a % model acceptable?