At Cydea we believe in risk management should be consistent in its approach, informed by the data you have, and automated where possible. It’s part of our belief in positive security. Annual risk assessment workshops and ‘five-by-five’ risk matrices are no longer good enough. They don’t invite unacceptably wide margin for error and do not keep pace with modern business.
We think it is time to do something about that. And we would like your help!
We are currently developing our approach to quantifying and presenting your cyber security risk. We want it to answer those questions like ‘what is our risk posture?’ and ‘how has it changed over time?’ and ‘what is our security return on investment?’
We think that our approach should:
- Improve communication between ‘security’ and ‘the board’
- Quantify the level of cyber risk an organisation has
- Identify areas where actions are needed to bring risk to an acceptable level
- Present opportunities to improve operational efficiency
- Close the loop on security incident reporting
If these are some of the challenges you face in your role, you get excited by risk quantification, operational efficiency, and continual improvement and are a CIO, CISO or cyber risk manager in a business with over 500 employees …then we would love to hear from you! (Skip straight to register your interest!)
In the first instance, we will be looking to conduct a 30-minute research video call with you to understand more about your organisation and security mission. We are also interested in what incident data you capture and how you track and store it.
In return, we’ll be sharing our approach and tooling with you as it develops, plus other security data and survey results that can take back into your organisation.