Do Any of These Sound Familiar?

There have been several recurring themes for the past few years at every industry event, in every mainstream magazine, and on the websites of security bloggers. Themes like:

  • "How do we know we're secure enough?"
  • "How do we create business justification for security investment?"
  • "What are good and useful metrics?"
  • "What Key Performance Indicators should we be reporting to management?"
  • "How can we measure risk and security?"

These themes are repeated because they're important. And they're repeated because the methods our profession has been using to answer these questions have been tried and found wanting.


How About A New Approach, One That's Tested...

The fact is, Information Risk Management is a relatively new discipline. And the solutions our profession has been creating to try to answer these tough questions tend to be control standards or compliance checklists.

What has been missing is a model that is easy to understand, logical, and that allows us to quantify risk.

Risk Management Insight (RMI) was started to help organizations take advantage of a new approach to risk management based on models and methods of measurement we developed over the past seven years at large companies protecting sensitive information.

Our methods can show you what to measure, how to measure, and how to derive meaning from those measurements.

Our services include the consulting, training and tools necessary to help the CISO create a truly risk-managed organization. A risk-managed organization that sees:

  • A greatly improved ability to communicate and explain to management the value proposition of security initiatives and practices
  • Increased credibility in the eyes of management and other lines of business
  • Much better leverage in the budget process


We'll be speaking at:

Panel participation at the Northeast Ohio Infosec Forum.