Bill Frank | Sep 6 | 5 min
Restructure Your Risk Register for Risk-based Compliance
This is Part 2 of my “Risk-based Compliance” series of articles - how to move security from Compliance-based Risk to Risk-based...

Bill Frank | Jun 216 min
Why Move Cybersecurity From Compliance-based Risk to Risk-based Compliance?
Compliance-based Risk Management is often adequate for regulatory and customer trust frameworks but is of little use in managing...

Bill Frank | Feb 28 | 2 min
Why bother with CRQ?
Cyber Risk Quantification (CRQ) is getting hyped again as the cure-all for cyber risk management. Is it? No, because it’s not needed for...

Bill Frank | Jan 6 | 2 min
The Cyber Defense Graph™
Monaco Risk's core technology innovation - the Cyber Defense Graph The core innovation of our Monaco Risk's Cyber Control Simulator (CCS)...

Bill Frank | Apr 28, 2022 | 6 min
Cybersecurity Risk Management Transformed
... from a compliance requirement to a decision-support process for prioritizing and justifying control* investments. Link the technical...

Bill Frank | Aug 10, 2021 | 4 min
The Other Ransomware Dilemma
The most discussed dilemma organizations face about a ransomware attack is whether to pay the ransomware or not. The other dilemma is how...

Bill Frank | May 25, 2021 | 4 min
Using Aggregate Control Effectiveness in the Real World
This is my third post about Aggregate Control Effectiveness. In the first one, I introduced the concept and how it helps cybersecurity...

Bill Frank | May 5, 2021 | 3 min
Use Aggregate Control Effectiveness to Unify Compliance and Security
Does meeting compliance requirements divert resources from improving cyber posture? Compliance frameworks define what you need to do....

Bill Frank | Apr 20, 2021 | 2 min
Measure and Improve Aggregate Control Effectiveness
Selecting a cybersecurity control based on its individual effectiveness can be misleading. A new, upgraded, or replacement control, no...