Are you using tools for cyber risk quantification? What are they?

Security Strategy & RoadmapGovernance, Risk & Compliance
3.7k viewscircle icon1 Upvotecircle icon30 Comments
Sort by:
CISO10 months ago

EPSS
CISA KEV
EXF

Director of IT2 years ago

Have you considered Cyber Quant?

Executive Director, Enterprise Infrastructure & Cybersecurity in Finance (non-banking)3 years ago

CPI and CAAT

Director of IT in Software3 years ago

Yes. RiskLens

Global CIO in Consumer Goods3 years ago

Yes, we use OneTrust GRC.

Content you might like

Do you use ServiceNow to manage access and support identity and access management within your organization?

Yes68%

No33%

What models are in place for risk partners based in Line 2? What are the jobs to be done? How do they operate? What does the structure/operating rythms look like?

Read More Comments

How are you currently managing SIEM costs? Have you found effective ways to actually reduce storage costs for your SIEM?

Read More Comments

As part of our NYSE IPO prep, we’re debating how to communicate our system hardening efforts in regulatory disclosures (e.g., SEC Form 20-F, SFC).

Would you recommend sharing % compliance (e.g., “85% CIS Tier 2”) or sticking to qualitative descriptions of how we identify and mitigate risks? Also, do SFC/ISO 27001 expectations require full ISMS integration, or is a % model acceptable?

What percentage of your organization's AI usage do you estimate happens outside of IT governance?

Less than 10%16%

10-25%54%

25-50%19%

More than 50%11%

I don't know

View Results