Christopher Puderbaugh’s Post

A few months ago, I connected with Scott Mitchell. Given the work we do here at Pellonium and in particular in how we think about risk, he suggested I check out OCEG's definition of risk: https://lnkd.in/g9wFgcWG Reading this definition made me uncomfortable for weeks. It took me a while to articulate why. After some thought, I realized that, though this definition is directionally correct, it is very difficult to operationalize given its ambiguity. Each of the variables used in this definition are very difficult to estimate in a defensible, repeatable manner. Deriving a defensible estimate of risk using these variables is difficult to impossible for most any organization. And yet, given how threats are increasing, cost of incidents are increasing, all while organizations continue to increase investments in cyber infrastructure, it is becoming critical that organizations employ a risk-based approach to managing their security environment. Even the National Institute of Standards and Technology (NIST) says so. But how? (We believe the answer lies in Unified Security Posture Management, but more on that later...) Organizations can no longer manage without an operational understanding of cyber risk. As cyber risk takes its rightful place as a key enterprise risk, security leaders must directly connect the investments they make in addressing threats, vulnerabilities and assets to the effect these investments have on reducing risk. For more on how we think about risk, check out Homayun's post: https://lnkd.in/gpeEZHvC #pelloniumriskintelligence #cyberrisk #grc

"Each risk landscape is unique, therefore. To navigate yours — and understand what it takes to build resilience – senior leaders can begin by asking their top teams to tackle four essential questions. Answering these will help create a shared framework on digital risk, surface hidden challenges, clarify key choices and make digital business operations more secure and resilient." #digitalrisk #cybersecurity

The SEC is only the latest regulator to expect non-technical executives to take ownership of cybersecurity risk management. Regulators argue that when companies pose risks to others those risks need to be managed, whether they come from business practices, properties, products, or the management of data and networked technologies. But many businesses struggle with how to communicate technical risks to non-technical executives. On SEPTEMBER 19, Join Charity Otwell, CBCP, CISA, CGEIT, ITIL, Director, Critical Security Controls at Center for Internet Security, Philippe Langlois, Data Breach Investigations Report (DBIR) Author at Verizon, and Chris Cronin, Partner at HALOCK Security Labs and Reasonable Risk at this insightful look on how to talk cyber risk. The expert panel will be discussing some of the awkward truths found in HALOCK’s SEC 10-K Survey Report and will share techniques for communicating cyber risk to executives well enough that they can make informed cybersecurity decisions. Read the Annual 10-K Survey Report for insights. https://lnkd.in/gWADGZik HALOCK Security Labs #CISRAM #DoCRA #Risk #GRC #DutyofCare #ReasonableRisk #cybersecurity #DBIR #CISControls #CIS_Critical_Security_Controls 

In a recent report from BlueVoyant, U.S. companies are prioritizing proactive third-party risk management to combat supply chain cybersecurity threats. Despite progress, with 86% of companies boosting their risk management budgets and 36% actively collaborating with vendors on cyber defenses, challenges persist. Notably, only 32% of vendors receive consistent monitoring, and sectors like healthcare remain vulnerable with high breach rates. This shift reflects a growing focus on resilience over regulatory compliance alone, signaling the need for continued investment and innovation in third-party risk management. #SupplyChainSecurity #ThirdPartyRisk #Cybersecurity #RiskManagement #HealthcareCompliance https://lnkd.in/eaABc_DX

🎉 Today’s an exciting day at Mimecast as we launch our new Human Risk Management Platform, including a new human risk awareness and training offering: Mimecast Engage!   In cybersecurity, innovation is the baseline for companies to continue defending themselves against bad actors; at Mimecast, innovation alone wasn’t enough. Mimecast Engage was born out of the idea that collaboration between two of the most innovative companies in the cybersecurity space – Mimecast and Elevate Security (acquired by Mimecast) – would ultimately change the game, marking a significant advancement in the way organizations address human risk.   In an increasingly connected world, Mimecast’s Human Risk Management Platform is designed to tackle the evolving and sophisticated threats targeting the human element within organizations. Excited to see what’s next!   To learn more, visit: https://lnkd.in/g6AVJSfj    #cybersecurity #humanrisk #innovation  

At Wheelhouse Advisors, we’re proud to share John A. Wheeler’s latest insights on cybersecurity and integrated risk management in his new article for AuditBoard. As cyber threats and regulatory pressures continue to rise, it’s more important than ever for businesses to adopt a proactive, integrated approach to risk management. Learn how your organization can enhance its resilience, navigate evolving regulations, and stay ahead of cyber risks. Don’t miss this essential read! #CyberSecurity #RiskManagement #IRM #Compliance #BusinessResilience #AuditBoard #ConnectedRisk https://lnkd.in/eUSXCWhW

The Critical Start 2024 Cyber Risk Landscape Peer Report, published on August 5, reveals that “66% of businesses have limited insight into their cyber-risk profiles and that 65% of executives worry about the misalignment between #cybersecurity investments and organizational risk reduction priorities.” Given these challenges, there is a growing trend among businesses to seek assistance to actively improve their cyber risk management. Learn more https://lnkd.in/gESbxixd DefenseStorm can help your financial institution not only identify its level of cyber risk readiness but also provide powerful solutions to keep your FI threat ready and compliant. Contact DefenseStorm today to learn more or take our FREE Cyber Risk Readiness IQ (CRRIQ) to measure your level of cyber risk readiness and get started on a more effective path to managing risk. TAKE THE CRRIQ https://lnkd.in/giXQiW-T

🌟 Calling all IT pros and cybersecurity buffs! 🌟 Let's talk third-party risk management because guess what? Your attack surface just got a whole lot bigger with each new partnership! 🚀 #ainews #automatorsolutions 🛡 Wanna know how to up your game and beat those cyber threats at their own game? Let's dive into the world of threat intelligence and how it's revolutionizing third-party risk management. 💪 🔍 Threat intel is like having your own secret weapon in the cyber warfare, arming you with valuable insights to identify, analyze, and mitigate risks from your expanding network of partners. It's the ultimate power-up for safeguarding your digital fortress. 🛡🔒 📈 So, how can enterprises leverage threat intelligence to stay one step ahead in the cybersecurity game? Here's the lowdown in a nutshell: - Identify potential vulnerabilities in third-party networks - Monitor and assess risks in real-time - Strengthen security protocols and incident response strategies - Enhance overall cybersecurity posture and resilience 🔮 Prediction time! As cyber threats continue to evolve, the role of threat intelligence in third-party risk management will only become more crucial. Stay ahead of the curve and watch your security strategy soar to new heights! 🚀🔒 💬 What's your take on the future of threat intelligence in cybersecurity? Share your thoughts, insights, or even your favorite cyber meme below! Let's keep the conversation going and level up together. 💬💡 #ainews #automatorsolutions #CyberSecurity #ThreatIntelligence #InfoSec #TechTrends #StaySecure #CyberDefense #ITProsUnite Remember, knowledge is power, and in the world of cybersecurity, staying informed is your best defense! 💻🔐 Let's secure the future, one threat at a time. 💪🚀 #CyberSecurityAINews ----- Original Publish Date: 2024-07-24 14:58

ArmorCode Risk Prioritization empowers organizations to reduce risk, increase productivity, and improve ROI by identifying, prioritizing, mitigating and remediating the highest-risk findings based on business context. Read more at, https://lnkd.in/gMPqSUah #ASPM #applicationsecurity #cybersecurity #devsecops

Defend Your Cyber Risk Reports with Confidence! When the board challenges your cyber risk data, are you ready to defend it? Here's how you can improve the defensibility of your cyber risk assessments: ✅ Automate data collection for real-time insights ✅ Leverage FAIR, the industry-standard for risk quantification ✅ Tailor risk assessments to business units for deeper insights ✅ Use FAIR-MAM™ for consistent loss projections ✅ Align with cyber insurance strategies for smarter risk transfer Ready to elevate your cyber risk reporting? Let's make it happen with SAFE Security! #cybersecurity #riskmanagement #CRQ #automation #FAIR https://lnkd.in/gJRJ-YSz