Risks posed by the cybersecurity threat landscape are increasingly part of the Enterprise Risk Management (ERM) equation, and present a real challenge for CISOs and other senior security professionals. Quantifying the business impact of a cybersecurity event is a very difficult, if not impossible, task and quantifying the likelihood of such an event is even harder.
According to some experts, it is not possible. "There's no formula for calculating how much the implementation of each control lowers your risk," Matt McBride, Executive Vice President for Digital Transformation at Genesis10, said in a recent article, What is enterprise risk management? How to put cybersecurity threats into a business context, at CSOonline.com. Matt went on to discuss the NIST risk framework as a starting point in the article, which also quoted cybersecurity experts from Aetna, Gartner, SANS Institute, Deloitte and others.
CSO, produced by IDG, serves enterprise security decision-makers and users with the critical information they need to stay ahead of evolving threats and defend against criminal cyberattacks. With incisive content that addresses all security disciplines from risk management to network defense to fraud and data loss prevention, CSO offers unparalleled depth and insight to support key decisions and investments for IT security professionals.
