Logologo
logo
Contact

Blog about Cybersecurity andCyber Risk Quantification

We share articles related to cyber risk quantification (CRQ), cybersecurity governance and cyber resilience. Check our blog regularly to see what's new.

cybersecurity c-risk
how-migrate-cyber-risk-m-and-a-activity

WEBINAR

How to mitigate cyber risk in M&A activity

Experts from C-Risk and RiskLens took part in a webinar discussion aimed at shedding light on how to avoid common pitfalls and more effectively assess controls and their effect on cyber risk

Published on 21 March 2023 (Updated on 21 March 2023)
financial-quantification-cyber-risk-reduce-exposure-ransomware

QUANTIFICATION

Reduce your exposure to ransomware losses in four steps

Follow this 4-steps method based on financial quantification of risk to reduce your exposure to ransomware losses, by gauging the true financial impact of incident.

Published on 27 January 2023 (Updated on 14 February 2023)
understand-how-to-make-better-security-spending-decisions

WEBINAR

Understand how to make better security spending decisions

How to factor IT security controls in the context of cyber risk quantification? Watch discussion of experts from C-Risk and RiskLens.

Published on 26 January 2023 (Updated on 27 January 2023)
ISO 27005

ISO 27005

ISO 27005: everything you need to know if you are considering implementing it

Everything you need to know about the international standard ISO 27005: Official definition, summary, methodology, advantages and limitations.

Published on 3 March 2022 (Updated on 27 January 2023)
Budgetary challenge CISO

RSSI

CISO Budget Challenge

The current COVID-19 context is putting enormous pressure on companywide budgets including information security.

Published on 28 May 2021 (Updated on 27 January 2023)
HAZOP method

HAZOP

Is HAZOP applicable to cybersecurity?

The HAZOP method applies to the analysis of cyber risks of the industrial company. A guide to advantages, disadvantages and approaches applied to IT.

Published on 9 December 2021 (Updated on 27 January 2023)
Can we use FMEA for cyber analysis

FMEA

Is FMEA suitable for cyber risk analysis?

The FMEA method is qualitative. It is useful in order to draw up a mapping of cyber risks, based on subjective ordinal and nominal scales. Justifying and prioritising corrective actions is far more effective when done through a quantitative analysis.

Published on 1 December 2021 (Updated on 27 January 2023)
FAIR-differences

FAIR

FAIR differences

FAIR is an analytical risk model, whereas most information security risk methodologies in use today are Capability Maturity Models (CMM) or checklists.

Published on 28 May 2021 (Updated on 27 January 2023)
Launch training course

TRAINING

Launch of C-Risk training

C-Risk, the European leader in cyber risk quantification using FAIR™ announces the launch of its cyber risk quantification training program.

Published on 28 May 2021 (Updated on 25 January 2023)
Cybersecurity governance

Cybersecurity governance

Cybersecurity governance best practices: the complete guide

What is cybersecurity governance? How and why should I implement cybersecurity governance?

Published on 13 April 2022 (Updated on 25 January 2023)
Risks analysis dark

QUANTIFICATION

Risk Quantification

For a lot of industries, Business Continuity (BCP) and Disaster Recovery (DR) is a requirement; however, a lot of the time the programs are minimalistic in nature.

Published on 31 May 2021 (Updated on 25 January 2023)
Ebios method

EBIOS

A guide to the EBIOS methodology: definition, procedure, limitations

What is the EBIOS cyber risk analysis method? Which structures can make use of it? What are its benefits and drawbacks?

Published on 16 May 2022 (Updated on 5 January 2023)
Cyber attacks identify and protect yourself

Cyber attacks

Cyber attacks: how to identify them and protect yourself effectively?

Cyberattacks are malicious attempts to harm a defined target. Find out how to protect your business against cybercrime in 2022.

Published on 25 June 2021 (Updated on 5 January 2023)
Set up crisis unit

crisis response team

How to set up a crisis response team after a cyberattack?

Procedures you should follow to create a crisis response team to anticipate and respond to cyberattacks

Published on 13 August 2021 (Updated on 5 January 2023)
Set up effective crisis communication

Crisis communication

How to manage crisis communication after a cyberattack?

How to prepare your crisis communication in the event of a cyberattack. From the communication cycle to priority targets and messages: the complete guide.

Published on 2 August 2021 (Updated on 5 January 2023)
cyber risk mapping

Risk Map

How to create a cyber security risk map?

What is risk mapping? What methods should you follow to make it useful? Whom should you involve in the process? How can you adapt it to cyber risks?

Published on 3 December 2021 (Updated on 5 January 2023)
FAIR analysis method

FAIR™️ methodology

FAIR™️ risk methodology: quantifying and managing cyber risk

How is the FAIR methodology different from other cyber risk analysis methods? What is its governing principle? How can you benefit from this standard?

Published on 14 February 2022 (Updated on 5 January 2023)
Risk management

Risk management

Risk management: how to prevent cyberattacks?

Cyber risk management means looking into the different definitions of risk as well as the resulting management methods.

Published on 14 December 2021 (Updated on 5 January 2023)
Risk analysis

Risk analysis

Our guide to performing a Risk Analysis

What definition for cyber risk? Which digital risk analysis methodology should you choose to efficiently protect your IT?

Published on 24 January 2022 (Updated on 5 January 2023)
attack supply chain Sunburst

Sunburst attack

Sunburst supply chain attack

The “Sunburst” supply chain attack impacted hundreds of businesses, and remains one of the most sophisticated and widespread cyberattacks.

Published on 27 June 2022 (Updated on 5 January 2023)
MITM attack

MITM

What is a Man-in-the-Middle Attack (MITM)? How can you protect your company against it?

MITM cyberattack: What Is It? How does it work ? How can you easily prevent it?

Published on 10 September 2021 (Updated on 5 January 2023)
phishing

Phishing

How to prevent and avoid phishing?

Corporate phishing attempts are becoming more and more sophisticated, threatening the integrity of sensitive data. Here is all you need to know to make sure you are well protected!

Published on 16 September 2021 (Updated on 5 January 2023)
Ransomware dark

Ransomware

Ransomware: Understanding and Protecting Yourself from Ransomware

Ransomware poses the biggest cyber threat to businesses in 2021. How does it work? How to protect yourself from it?

Published on 1 September 2021 (Updated on 5 January 2023)
Crisis management

Crisis management

Crisis management: how to effectively manage a cyber crisis?

How to apply the traditional crisis management procedure to a cyber attack? What specificities should you consider? What are the tools at your disposal?

Published on 9 August 2021 (Updated on 5 January 2023)
protect from a DDOS attack

DDOS attack

How to protect yourself from a DDOS attack or Distributed Denial-of-Service attack?

DDoS attacks, or "Distributed Denial-of-Service" attacks, paralyze their victim sites. Understand how they work to protect yourself.

Published on 20 July 2021 (Updated on 5 January 2023)
Malware in 2021 understanding and limiting cyber risks

Malware

Malware in 2021: understanding and limiting cyber risks

Malware is a cyber attack that exercises unauthorized and harmful actions on your device or system. Learn about malicious software to perfect your cyber security.

Published on 13 July 2021 (Updated on 5 January 2023)
no RGPD compliance

GDPR

GDPR compliance should impact your cybersecurity strategy

Being compliant with GDPR and having efficient data protection policy is a tricky challenge that can be overcome with Cyber Risk Quantification (CRQ).

Published on 15 June 2021 (Updated on 5 January 2023)
disaster recovery plan drp

Disaster Recovery Plan (DRP)

IT DRP: how to plan recovery from a cyber crisis?

What is the IT DRP? How do you set it up to ensure disaster recovery in the event of a computer failure or a cyberattack?

Published on 27 July 2021 (Updated on 5 January 2023)
third party risk management

Third-Party Risk Management

Why is cybersecurity Third-Party Risk Management of paramount importance?

The more business partners an extended enterprise has, the greater the need is to think about third-party cybersecurity risk management.

Published on 24 March 2022 (Updated on 5 January 2023)
nist framework

NIST Cybersecurity Framework

NIST Cybersecurity Framework: how to manage your cyber risks?

Is the NIST Cybersecurity Framework good at analysing, preventing, and recovering from cyber risk? How can you use this method? Is it enough to protect your structure?

Published on 31 January 2022 (Updated on 5 January 2023)
BCP in case of cyberattack

BCP

Business continuity plan: planning and preparing for a cyberattack

Business Continuity Plan (BCP): what do you need to know? How to prepare for cyberattacks and ensure the resilience of your company?

Published on 6 July 2021 (Updated on 5 January 2023)
iso 27001

ISO 27001

What is ISO 27001 and how does it benefit your cybersecurity strategy?

By enhancing data protection, the ISO 27001 standard contributes to your cybersecurity strategy. What is it? How does it work? What are the benefits?

Published on 29 June 2021 (Updated on 5 January 2023)
company investment dark

FAIR

Company Investissement

Risk is inherent to the enterprise world but difficult to assess and measure

Published on 28 May 2021 (Updated on 5 January 2023)
fair standard
About Open FAIR Certification

The Open Group FAIR Certification for People program is aimed at meeting the needs of risk analysts and organizations employing risk analysts.

Published on 28 May 2021 (Updated on 5 January 2023)