Guest Post: In Cybersecurity Risk Analysis, “Feelings” Don’t Count
by Marc Punzirudu, CISA, CISM, CRISC, CISSP, PCI-QSA, PCIP, VCP-DCV.
Do you sometimes feel like your organization is caught in a reactivity loop, especially when it comes to cybersecurity? No leadership team wants to fall behind, but it seems like the multiple priorities that face us often water down our decision making to the point where we are tempted to go by gut instinct rather than hard data.
Recent research by ControlScan found that only 38% of IT professionals are more than “moderately confident” in their organization’s ability to effectively respond to a cybersecurity attack. Even if that 38% are quite confident, basing that confidence on anything but hard numbers is like building a house on shifting sand.
Cybersecurity Risk is Quantifiable
The truth is that many companies are basing their cybersecurity risk management on qualitative data. The last thing you want, however, is to base your decisions on guesswork or individual opinions. With qualitative decision making it is difficult at best to create a cybersecurity budget, because that budget can’t be based on a true cost/benefit analysis.
Quantitative data analysis gives your company a hard number to hang its hat on, because it uses independently verifiable and objective metrics. Your leadership team can then move forward confidently knowing that they have a holistic view of their cybersecurity risk, including that which they will accept and that which they will not.
Yes, there are challenges to quantifying cybersecurity risk; however, it can and should be done in your organization. Plan now to attend “Quantifying Cybersecurity Risk” at TRANSACT Connect, May 12 at 1:00pm ET. Chris Strand, Chief Compliance Officer at IntSights, and I will share real-world tips for moving your organization toward a quantifiable risk management approach.
Marc Punzirudu is vice president of Security Consulting Services at ControlScan, which delivers managed security and compliance solutions that help secure IT networks and protect payment card data. He can be found on Twitter at @punzirudu.