Blog about Cybersecurity andCyber Risk Quantification

We share articles related to cyber risk quantification (CRQ), cybersecurity governance and cyber resilience. Check our blog regularly to see what's new.

CYBER RISK

Examining the complexities of Cyber Risk Insurance

Understanding your financial exposure to cyber risks, such as cybercrime, gives you the edge in negotiations for cyber insurance coverage for cyber incidents.

Published on 16 August 2023

Sunburst attack

Sunburst supply chain attack

The “Sunburst” supply chain attack impacted hundreds of organisations and remains one of the most sophisticated and widespread cyberattacks ever.

Published on 27 June 2022 (Updated on 7 August 2023)

FAIR™️ methodology

FAIR™️ risk methodology: quantifying and managing cyber risk

How is the FAIR methodology different from other cyber risk analysis methods? What is its governing principle? How can you benefit from this standard?

Published on 14 February 2022 (Updated on 31 July 2023)

IT Disaster Recover Plan: build resilience while facing cybersecurity challenges

Disaster Recovery Plan (DRP)

IT DRP: how to plan recovery from a cyber crisis?

What is the IT DRP? How do you set it up to ensure disaster recovery in the event of a computer failure or a cyberattack?

Published on 27 July 2021 (Updated on 21 June 2023)

Third-Party Risk Management

Why is cybersecurity Third-Party Risk Management of paramount importance?

The more business partners an extended enterprise has, the greater the need is to think about third-party cybersecurity risk management.

Published on 6 June 2023

GDPR

GDPR compliance should impact your cybersecurity strategy

Being compliant with GDPR and having efficient data protection policy is a tricky challenge that can be overcome with Cyber Risk Quantification (CRQ).

Published on 6 June 2023

Risk analysis

Our guide to performing a Risk Analysis

What definition for cyber risk? Which digital risk analysis methodology should you choose to efficiently protect your IT?

Published on 24 January 2022 (Updated on 6 June 2023)

Business continuity plan: How to build your cyber resilience

BCP

Business continuity plan: planning and preparing for a cyberattack

Business Continuity Plan (BCP): what do you need to know? How to prepare for cyberattacks and ensure the resilience of your company?

Published on 6 July 2021 (Updated on 6 June 2023)

CYBER RISK

Is Cloud Computing a Risk?

The Cloud & Your Digital Assets: CRQ Methods for Risk Management

Published on 31 May 2023

A guide to managing cybersecurity for the future

Discover how cybersecurity and information security risk management empowers organisations to make well-informed decisions and strengthen cyber resilience.

Published on 3 May 2023

TRAINING

Launch of C-Risk training

C-Risk, the European leader in cyber risk quantification using FAIR™ announces the launch of its cyber risk quantification training program.

Published on 28 May 2021 (Updated on 3 May 2023)

ISO 27001

What is ISO 27001 and how does it benefit your cybersecurity strategy?

By enhancing data protection, the ISO 27001 standard contributes to your cybersecurity strategy. What is it? How does it work? What are the benefits?

Published on 29 June 2021 (Updated on 3 May 2023)

NIST Cybersecurity Framework

NIST Cybersecurity Framework: how to manage your cyber risks?

Is the NIST Cybersecurity Framework good at analysing, preventing, and recovering from cyber risk? How can you use this method? Is it enough to protect your structure?

Published on 31 January 2022 (Updated on 3 May 2023)

Malware

Malware in 2021: understanding and limiting cyber risks

Malware is a cyber attack that exercises unauthorized and harmful actions on your device or system. Learn about malicious software to perfect your cyber security.

Published on 13 July 2021 (Updated on 3 May 2023)

DDOS attack

How to protect yourself from a DDOS attack or Distributed Denial-of-Service attack?

DDoS attacks, or "Distributed Denial-of-Service" attacks, paralyze their victim sites. Understand how they work to protect yourself.

Published on 20 July 2021 (Updated on 3 May 2023)

Crisis management

Crisis management: how to effectively manage a cyber crisis?

How to apply the traditional crisis management procedure to a cyber attack? What specificities should you consider? What are the tools at your disposal?

Published on 9 August 2021 (Updated on 3 May 2023)

Ransomware

Ransomware: Understanding and Protecting Yourself from Ransomware

Ransomware poses the biggest cyber threat to businesses in 2021. How does it work? How to protect yourself from it?

Published on 1 September 2021 (Updated on 3 May 2023)

Phishing

How to prevent and avoid phishing?

Corporate phishing attempts are becoming more and more sophisticated, threatening the integrity of sensitive data. Here is all you need to know to make sure you are well protected!

Published on 16 September 2021 (Updated on 2 May 2023)

MITM

What is a Man-in-the-Middle Attack (MITM)? How can you protect your company against it?

MITM cyberattack: What Is It? How does it work ? How can you easily prevent it?

Published on 10 September 2021 (Updated on 2 May 2023)

Risk management

Risk management: how to prevent cyberattacks?

Cyber risk management means looking into the different definitions of risk as well as the resulting management methods.

Published on 14 December 2021 (Updated on 2 May 2023)

Risk Map

How to create a cyber security risk map?

What is risk mapping? What methods should you follow to make it useful? Whom should you involve in the process? How can you adapt it to cyber risks?

Published on 3 December 2021 (Updated on 2 May 2023)

Crisis communication

How to manage crisis communication after a cyberattack?

How to prepare your crisis communication in the event of a cyberattack. From the communication cycle to priority targets and messages: the complete guide.

Published on 2 August 2021 (Updated on 2 May 2023)

crisis response team

How to set up a crisis response team after a cyberattack?

Procedures you should follow to create a crisis response team to anticipate and respond to cyberattacks

Published on 13 August 2021 (Updated on 2 May 2023)

Cyber attacks

Cyber attacks: how to identify them and protect yourself effectively?

Cyberattacks are malicious attempts to harm a defined target. Find out how to protect your business against cybercrime in 2022.

Published on 25 June 2021 (Updated on 2 May 2023)

EBIOS

A guide to the EBIOS methodology: definition, procedure, limitations

What is the EBIOS cyber risk analysis method? Which structures can make use of it? What are its benefits and drawbacks?

Published on 16 May 2022 (Updated on 2 May 2023)

QUANTIFICATION

Risk Quantification

For a lot of industries, Business Continuity (BCP) and Disaster Recovery (DR) is a requirement; however, a lot of the time the programs are minimalistic in nature.

Published on 31 May 2021 (Updated on 2 May 2023)

Cybersecurity governance

Cybersecurity governance best practices: the complete guide

What is cybersecurity governance? How and why should I implement cybersecurity governance?

Published on 13 April 2022 (Updated on 2 May 2023)

FAIR

FAIR differences

FAIR is an analytical risk model, whereas most information security risk methodologies in use today are Capability Maturity Models (CMM) or checklists.

Published on 28 May 2021 (Updated on 2 May 2023)

FMEA

Is FMEA suitable for cyber risk analysis?

The FMEA method is qualitative. It is useful in order to draw up a mapping of cyber risks, based on subjective ordinal and nominal scales. Justifying and prioritising corrective actions is far more effective when done through a quantitative analysis.

Published on 1 December 2021 (Updated on 2 May 2023)

HAZOP

Is HAZOP applicable to cybersecurity?

The HAZOP method applies to the analysis of cyber risks of the industrial company. A guide to advantages, disadvantages and approaches applied to IT.

Published on 9 December 2021 (Updated on 2 May 2023)

ISO 27005

ISO 27005: everything you need to know if you are considering implementing it

Everything you need to know about the international standard ISO 27005: Official definition, summary, methodology, advantages and limitations.

Published on 3 March 2022 (Updated on 2 May 2023)

QUANTIFICATION

Reduce your exposure to ransomware losses in four steps

Follow this 4-steps method based on financial quantification of risk to reduce your exposure to ransomware losses, by gauging the true financial impact of incident.

Published on 27 January 2023 (Updated on 2 May 2023)

RSSI

CISO Budget Challenge

The current COVID-19 context is putting enormous pressure on companywide budgets including information security.

Published on 28 May 2021 (Updated on 2 May 2023)

About Open FAIR Certification

The Open Group FAIR Certification for People program is aimed at meeting the needs of risk analysts and organizations employing risk analysts.

Published on 28 May 2021 (Updated on 20 April 2023)

WEBINAR

How to gain executive support for measuring cyber risk

Cyber risk : how to prove control tools investments ? Understand the improving risks decisions approach through this third webinaire

Published on 14 April 2023 (Updated on 14 April 2023)

WEBINAR

How to mitigate cyber risk in M&A activity

Experts from C-Risk and RiskLens took part in a webinar discussion aimed at shedding light on how to avoid common pitfalls and more effectively assess controls and their effect on cyber risk

Published on 21 March 2023 (Updated on 21 March 2023)

FAIR

Company Risks

Risk is inherent to the enterprise world but difficult to assess and measure

Published on 1 February 2023

WEBINAR

Understand how to make better security spending decisions

How to factor IT security controls in the context of cyber risk quantification? Watch discussion of experts from C-Risk and RiskLens.

Published on 26 January 2023 (Updated on 27 January 2023)