Are you using tools for cyber risk quantification? What are they?

Security Strategy & RoadmapGovernance, Risk & Compliance
3.7k viewscircle icon1 Upvotecircle icon30 Comments
Sort by:
CISO10 months ago

EPSS
CISA KEV
EXF

Director of IT2 years ago

Have you considered Cyber Quant?

Executive Director, Enterprise Infrastructure & Cybersecurity in Finance (non-banking)3 years ago

CPI and CAAT

Director of IT in Software3 years ago

Yes. RiskLens

Global CIO in Consumer Goods3 years ago

Yes, we use OneTrust GRC.

Content you might like

What technological innovation will impact the world most?

Artificial Intelligence / Machine Learning42%

Automation18%

Cloud17%

Edge / IoT6%

Augmented / Virtual Reality6%

Blockchain4%

5G2%

Other (comment)

View Results

Anyone have experiences or POVs on TruffleHog Open Source vs Commercial license?

What are the best practices for securing the MFA registration phase when moving from SMS to phishing-resistant methods like passkeys (FIDO2) or TOTP-based authenticator apps? Specifically, how can we mitigate risks in device enrollment and key provisioning without phone numbers? What innovations are your organizations implementing or have implemented to bolster this process? - I don't see this as a competitive advantage but all of us good guys against the bad.

Have you tried using “honeytokens” (false credentials that will trigger an alert when used)?

Yes52%

We’re considering this strategy24%

No23%

View Results

As a new-to-role CISO, I am wondering how do you make RACI look better than it looks `on-paper` in your company? What I am specifically looking for is, ways of fostering real collaboration and reaching to consensus between oldies and newcomers in their roles. 

Read More Comments