Bill Frank | Feb 28 | 8 min read | Cyber Risk Quantification Models: FAIR™ vs GRAACE™ | INTRODUCTION This article picks up where I left off in Modeling Cybersecurity. In that article I defined modeling, the reason for...
Bill Frank | Feb 15 | 7 min read | Modeling Cybersecurity | Introduction Modeling is a strategic and proactive approach to understanding, managing, and mitigating risks in the ever-evolving...
Bill Frank | Sep 6, 2023 | 5 min read | Restructure Your Risk Register for Risk-based Compliance | This is Part 2 of my “Risk-based Compliance” series of articles - how to move security from Compliance-based Risk to Risk-based...
Bill Frank | Jun 21, 2023 | 6 min read | Why Move Cybersecurity From Compliance-based Risk to Risk-based Compliance? | Compliance-based Risk Management is often adequate for regulatory and customer trust frameworks but is of little use in managing...
Bill Frank | Feb 28, 2023 | 2 min read | Why bother with CRQ? | Cyber Risk Quantification (CRQ) is getting hyped again as the cure-all for cyber risk management. Is it? No, because it’s not needed for...
Bill Frank | Jan 6, 2023 | 2 min read | The Cyber Defense Graph™ | Monaco Risk's core technology innovation - the Cyber Defense Graph The core innovation of our Monaco Risk's Cyber Control Simulator (CCS)...
Bill Frank | Apr 28, 2022 | 6 min read | Cybersecurity Risk Management Transformed | ... from a compliance requirement to a decision-support process for prioritizing and justifying control* investments. Link the technical...
Bill Frank | Aug 10, 2021 | 4 min read | The Other Ransomware Dilemma | The most discussed dilemma organizations face about a ransomware attack is whether to pay the ransomware or not. The other dilemma is how...
Bill Frank | May 25, 2021 | 4 min read | Using Aggregate Control Effectiveness in the Real World | This is my third post about Aggregate Control Effectiveness. In the first one, I introduced the concept and how it helps cybersecurity...