Cyber Security Hub recently asked the community "What is the last thing to do in 2020?" Not surprisingly, a consistent response was manage risk. Both taking inventory of risk and budgeting or insuring for risk came up on the list.
Episode Summary:
Every cyber security executive has to express the value of security activities in terms of measurable and defined outcomes based on risk reduction. This requires a rich understanding of the threat environment, a clear appreciation of the concept of criticality, and an awareness of the potential impact of cyberattacks from an operational business standpoint. Senior Vice President of Global Intelligence for Recorded Future, Mr. Levi Gundert rejoins co-host Andy Bonillo on Episode #160 of Task Force 7 Radio to give a readout on his new book The Risk Business: What CISO's Need to Know About Risk-Based Cyber Security. Levi discusses the case for risk based cyber security, how risk is the language of business, threat driven vs compliance driven security, and what risk driven security programs look like.