Bill Frank | Feb 28 | 8 min | Cyber Risk Quantification Models: FAIR™ vs GRAACE™ | INTRODUCTION: This article picks up where I left off in, Modeling Cybersecurity. In that article I defined modeling, the reason for...
Bill Frank | Feb 15 | 7 min | Modeling Cybersecurity | Introduction: Modeling is a strategic and proactive approach to understanding, managing, and mitigating risks in the ever-evolving...
Bill Frank | Sep 6, 2023 | 5 min | Restructure Your Risk Register for Risk-based Compliance | This is Part 2 of my “Risk-based Compliance” series of articles - how to move security from Compliance-based Risk to Risk-based...
Bill Frank | Jun 21, 2023 | 6 min | Why Move Cybersecurity From Compliance-based Risk to Risk-based Compliance? | Compliance-based Risk Management is often adequate for regulatory and customer trust frameworks but is of little use in managing...
Bill Frank | Feb 28, 2023 | 2 min | Why bother with CRQ? | Cyber Risk Quantification (CRQ) is getting hyped again as the cure-all for cyber risk management. Is it? No, because it’s not needed for...