From Reactive Security to Threat-Informed Defense: My Research Journey on Risk-Based Cybersecurity Prioritisation

After months of research, adversary emulation, lab building, testing, and validation, I’m pleased to share that my cybersecurity research paper, “A Risk-Based Framework for Prioritising Cybersecurity Controls Using MITRE ATT&CK with Empirical Validation via Adversary Emulation,” has now been published on ResearchGate and Zenodo. This research was driven by a simple but important question: Are...

Post 2 — Proving Risk Reduction: How to Quantify Zero-Day Exposure When Patching Is Not Possible

In Part 1, we established a hard truth: when patching is not possible, risk does not disappear; it simply shifts. The vulnerability remains. The business dependency remains. The threat remains. What changes is how disciplined your response becomes. This is where many organizations fall short. They deploy compensatory controls, such as an IPS signature here, a...

Post 1 — When Patching Is Not an Option: Managing Zero-Day Risk Without Breaking the Business

1. Introduction: the day the patch answer fails There’s a moment every experienced security team eventually faces. A zero-day is disclosed. The exploit is real. The system is exposed. And then someone asks the question that sounds routine—but isn’t: “When can we patch?” You pause. Because this time, patching isn’t possible. The application is legacy...

Security, Convenience and the Battle for Balance

Introduction In today's digital landscape, organizations and individuals constantly grapple with the delicate balance between security and convenience. While users demand seamless and efficient experiences, security professionals must ensure robust protection against ever-evolving threats. However, security and convenience do not always go hand in hand. Stricter security measures often introduce friction, while overly convenient solutions...

Managing Security Risk: The Importance of KRIs and KPIs

Introduction In the bustling realm of cybersecurity, where threats advance as quickly as technology itself, organizations must navigate a risky landscape filled with potential vulnerabilities. To manage these risks effectively, it's essential to employ a structured framework that incorporates Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs). Let’s dive into my personal experience...

Part 4: Information Security Risk Management Approach

In the previous parts of our series (Part 1, Part 2 and Part 3), we explored the foundational elements of the risk management lifecycle, the risk assessment process, and risk treatment strategies. Now, we delve into the final phase: Risk Monitoring and Review. This phase involves continuously monitoring the effectiveness of risk management activities and...

Part 2: Information Security Risk Management Approach

In the first part of this series, we explored the foundational elements of the risk management lifecycle as outlined by the ISO 27000 series of standards. We will now delve into the second phase: Risk Assessment. This critical step involves identifying, analysing, and evaluating risks to your organization's information assets. 1. Identifying Assets: The initial step...

Part 1: Information Security Risk Management Approach

Introduction: In the world of information security, risk management is of utmost importance. Risk management is the process of identifying, assessing, and mitigating risks with the aim of safeguarding critical and sensitive data and maintaining its confidentiality, integrity, and availability. Organizations should conduct risk assessments on a regular basis with the goal of moving towards...
