Ray is experienced in using the NIST CSF, NCSC CAF and CIS Controls to help organisations assess their cyber security posture, and identify areas for improvement. He has worked with multiple large organisations, bringing together larger datasets from multiple constituent parts to provide meaningful information.
The maths explained series: compound risk calculations to show overall risk profiles
In “What do you do when there’s more than one risk?” I talked about why, when you want to consider multiple risks together, you can’t just add them together.
What do you do when there’s more than one risk?
Let’s do a little thought experiment. Imagine that you’re in charge of controlling cyber security risks in your organisation, and that you can only afford to implement one control this quarter.
Even if your data’s in the cloud, its security is still your problem
“We don’t need to have our own encryption keys, all of our data is in the cloud.” Cloud services are a useful resource for shifting CapEx (capital expenditure) requirements to OpEx (operational expenditure).
Qualitative and quantitative risk analysis
Let’s start with some dictionary definitions: Qualitative, adj: “based on information that cannot be easily measured, such as people’s opinions and feelings, rather than on information that can be shown in numbers”
Why you should have Incident Response playbooks
(Image: Cydea’s Incident Response plan template) Incident, n: “An event that is either unpleasant or unusual.” – Cambridge English Dictionary. How confident do you feel that, if your company was hit by a cyber incident, you and your team know what to do, and in what order?