Rapid Cybersecurity Risk Assessments

Businesses and governments alike are struggling to effectively protect information systems from cyber-attack. The theory appears sound: We conduct risks assessment, identify areas of risk that exceed our risk tolerance, and apply controls to mitigate them. We monitor the controls, adjust them over time, and update our assessments. However, as evidenced by regular reports of large-scale data breaches, we need a much better approach.

Read Eric’s article for IT in Canada.