Are you using tools for cyber risk quantification? What are they?

3.7k viewscircle icon1 Upvotecircle icon30 Comments
Sort by:
CISOa year ago

EPSS
CISA KEV
EXF

Director of IT2 years ago

Have you considered Cyber Quant?

Executive Director, Enterprise Infrastructure & Cybersecurity in Finance (non-banking)3 years ago

CPI and CAAT

Director of IT in Software3 years ago

Yes. RiskLens

Global CIO in Consumer Goods3 years ago

Yes, we use OneTrust GRC.

Content you might like

Always required – Security must formally review and approve every change request.

Required for security-impacting changes – Security reviews only changes flagged as having potential security implications. Please comment : Who decides which changes require security review and which do not ? Is this determination manual or automated? How do you avoid gaps or oversights in this process ?100%

Not required – Security does not review changes submitted CAB/RAB by other teams.

Risk-based or automated – Security involvement is determined by a tiered model or automated risk scoring within ITSM.

View Results

Strongly agree11%

Agree69%

Neutral14%

Disagree3%

Strongly disagree

View Results