Sandboxed recommendations that are prioritized by their risk-reduction potential are part of the foundation for strategic and programmatic cyber decisions, such as those made during risk committee meetings. The outcomes of those decisions can either be technically observed (i.e., implemented and validated via integration) or provided via user feedback (i.e., silencing because of control sustainability within a given business environment). The ultimate success story for this type of capability is enabling decision-analysis across business quarters, where three very simple questions can be answered: 1) What have we done? 2) What do we need to do? 3) How are we trending? #pelloniumriskintelligence
Trey Ford laying down the utility of having good tooling during the risk committee meetings, and building a process/ceremony around it.
