Guest Post: In Cybersecurity Risk Analysis, “Feelings” Don’t Count
5-5-2020
by Marc Punzirudu, CISA, CISM, CRISC, CISSP, PCI-QSA, PCIP, VCP-DCV.
Do you sometimes feel like your organization is caught in a reactivity loop, especially when it comes to cybersecurity? No leadership team wants to fall behind, but it seems like the multiple priorities that face us often water down our decision making to the point where we are tempted to go by gut instinct rather than hard data.
Recent research by ControlScan found that only 38% of IT professionals are more than “moderately confident” in their organization’s ability to effectively respond to a cybersecurity attack. Even if that 38% are quite confident, basing that confidence on anything but hard numbers is like building a house on shifting sand.
Cybersecurity Risk is Quantifiable
The truth is that many companies base their cybersecurity risk management on qualitative data. The last thing you want, however, is to base your decisions on guesswork or individual opinions. With qualitative decision making it is difficult at best to create a cybersecurity budget, because the budget can’t be grounded in a true cost/benefit analysis.
Quantitative data analysis gives your company a hard number to hang its hat on, because it uses independently verifiable and objective metrics. Your leadership team can then move forward confidently knowing that they have a holistic view of their cybersecurity risk, including that which they will accept and that which they will not.
Yes, there are challenges to quantifying cybersecurity risk; however, it can and should be done in your organization. Plan now to attend “Quantifying Cybersecurity Risk” at TRANSACT Connect, May 12 at 1:00pm ET. Chris Strand, Chief Compliance Officer at IntSights, and I will share real-world tips for moving your organization toward a quantifiable risk management approach.
Marc Punzirudu is vice president of Security Consulting Services at ControlScan, which delivers managed security and compliance solutions that help secure IT networks and protect payment card data. He can be found on Twitter at @punzirudu.
About ETA
The Electronic Transactions Association (ETA) is the world’s leading advocacy and trade association for the payments industry. Our members span the breadth of significant payments and fintech companies, from the largest incumbent players to the emerging disruptors in the U.S. and in more than a dozen countries around the world. ETA members make commerce possible by processing approximately $56.75 trillion annually in purchases and P2P payments worldwide and deploying payments innovation to merchants and consumers.
ETA’s membership spans the breadth of the payments industry, including independent sales organizations (ISOs), payments networks, financial institutions, transaction processors, mobile payments products and services, payments technologies, software providers (ISVs) and hardware suppliers. For more information, visit electran.org.