Bill Frank
Restructure Your Risk Register for Risk-based Compliance
This is Part 2 of my “Risk-based Compliance” series of articles - how to move security from Compliance-based Risk to Risk-based...
top of page
The Monaco Risk
Blog
Posts about a new approach to cybersecurity risk management that bridges the gap between security teams who generate technical metrics and business leaders who manage risks in financial terms.
Bill Frank
- Jun 21
- 6 min
Why Move Cybersecurity From Compliance-based Risk to Risk-based Compliance?
Compliance-based Risk Management is often adequate for regulatory and customer trust frameworks but is of little use in managing...
Bill Frank
- Feb 28
- 2 min
Why bother with CRQ?
Cyber Risk Quantification (CRQ) is getting hyped again as the cure-all for cyber risk management. Is it? No, because it’s not needed for...
Bill Frank
- Jan 6
- 2 min
The Cyber Defense Graph™
Monaco Risk's core technology innovation - the Cyber Defense Graph The core innovation of our Monaco Risk's Cyber Control Simulator (CCS)...
Bill Frank
- Apr 28, 2022
- 6 min
Cybersecurity Risk Management Transformed
... from a compliance requirement to a decision-support process for prioritizing and justifying control* investments. Link the technical...
Bill Frank
- Aug 10, 2021
- 4 min
The Other Ransomware Dilemma
The most discussed dilemma organizations face about a ransomware attack is whether to pay the ransomware or not. The other dilemma is how...
Bill Frank
- May 25, 2021
- 4 min
Using Aggregate Control Effectiveness in the Real World
This is my third post about Aggregate Control Effectiveness. In the first one, I introduced the concept and how it helps cybersecurity...
Bill Frank
- May 5, 2021
- 3 min
Use Aggregate Control Effectiveness to Unify Compliance and Security
Does meeting compliance requirements divert resources from improving cyber posture? Compliance frameworks define what you need to do....
Bill Frank
- Apr 20, 2021
- 2 min
Measure and Improve Aggregate Control Effectiveness
Selecting a cybersecurity control based on its individual effectiveness can be misleading. A new, upgraded, or replacement control, no...
bottom of page