Blog about Cybersecurity andCyber Risk Quantification

We share articles related to cyber risk quantification (CRQ), cybersecurity governance and cyber resilience. Check our blog regularly to see what's new.

EBIOS

A guide to the EBIOS methodology: definition, procedure, limitations

What is the EBIOS cyber risk analysis method? Which structures can make use of it? What are its benefits and drawbacks?

Published on 16 May 2022 (Updated on 2 September 2022)

Cyber attacks

Cyber attacks: how to identify them and protect yourself effectively?

Cyberattacks are malicious attempts to harm a defined target. Find out how to protect your business against cybercrime in 2022.

Published on 25 June 2021 (Updated on 26 August 2022)

crisis response team

How to set up a crisis response team after a cyberattack?

Procedures you should follow to create a crisis response team to anticipate and respond to cyberattacks

Published on 13 August 2021 (Updated on 26 August 2022)

Crisis communication

How to manage crisis communication after a cyberattack?

How to prepare your crisis communication in the event of a cyberattack. From the communication cycle to priority targets and messages: the complete guide.

Published on 2 August 2021 (Updated on 25 August 2022)

Risk Map

How to create a cyber security risk map?

What is risk mapping? What methods should you follow to make it useful? Whom should you involve in the process? How can you adapt it to cyber risks?

Published on 3 December 2021 (Updated on 2 August 2022)

FAIR™️ methodology

FAIR™️ risk methodology: quantifying and managing cyber risk

How is the FAIR methodology different from other cyber risk analysis methods? What is its governing principle? How can you benefit from this standard?

Published on 14 February 2022 (Updated on 2 August 2022)

Risk management

Risk management: how to prevent cyberattacks?

Cyber risk management means looking into the different definitions of risk as well as the resulting management methods.

Published on 14 December 2021 (Updated on 1 August 2022)

Risk analysis

Our guide to performing a Risk Analysis

What definition for cyber risk? Which digital risk analysis methodology should you choose to efficiently protect your IT?

Published on 24 January 2022 (Updated on 1 August 2022)

Sunburst attack

Sunburst supply chain attack

The “Sunburst” supply chain attack impacted hundreds of businesses, and remains one of the most sophisticated and widespread cyberattacks.

Published on 27 June 2022 (Updated on 27 July 2022)

MITM

What is a Man-in-the-Middle Attack (MITM)? How can you protect your company against it?

MITM cyberattack: What Is It? How does it work ? How can you easily prevent it?

Published on 10 September 2021 (Updated on 27 July 2022)

Phishing

How to prevent and avoid phishing?

Corporate phishing attempts are becoming more and more sophisticated, threatening the integrity of sensitive data. Here is all you need to know to make sure you are well protected!

Published on 16 September 2021 (Updated on 27 July 2022)

Ransomware

Ransomware: Understanding and Protecting Yourself from Ransomware

Ransomware poses the biggest cyber threat to businesses in 2021. How does it work? How to protect yourself from it?

Published on 1 September 2021 (Updated on 27 July 2022)

Crisis management

Crisis management: how to effectively manage a cyber crisis?

How to apply the traditional crisis management procedure to a cyber attack? What specificities should you consider? What are the tools at your disposal?

Published on 9 August 2021 (Updated on 27 July 2022)

DDOS attack

How to protect yourself from a DDOS attack or Distributed Denial-of-Service attack?

DDoS attacks, or "Distributed Denial-of-Service" attacks, paralyze their victim sites. Understand how they work to protect yourself.

Published on 20 July 2021 (Updated on 27 July 2022)

Malware

Malware in 2021: understanding and limiting cyber risks

Malware is a cyber attack that exercises unauthorized and harmful actions on your device or system. Learn about malicious software to perfect your cyber security.

Published on 13 July 2021 (Updated on 27 July 2022)

GDPR

GDPR compliance should impact your cybersecurity strategy

Being compliant with GDPR and having efficient data protection policy is a tricky challenge that can be overcome with Cyber Risk Quantification (CRQ).

Published on 15 June 2021 (Updated on 26 July 2022)

ISO 27005

ISO 27005: everything you need to know if you are considering implementing it

Everything you need to know about the international standard ISO 27005: Official definition, summary, methodology, advantages and limitations.

Published on 3 March 2022 (Updated on 13 July 2022)

Disaster Recovery Plan (DRP)

IT DRP: how to plan recovery from a cyber crisis?

What is the IT DRP? How do you set it up to ensure disaster recovery in the event of a computer failure or a cyberattack?

Published on 27 July 2021 (Updated on 13 July 2022)

Third-Party Risk Management

Why is cybersecurity Third-Party Risk Management of paramount importance?

The more business partners an extended enterprise has, the greater the need is to think about third-party cybersecurity risk management.

Published on 24 March 2022 (Updated on 13 July 2022)

NIST Cybersecurity Framework

NIST Cybersecurity Framework: how to manage your cyber risks?

Is the NIST Cybersecurity Framework good at analysing, preventing, and recovering from cyber risk? How can you use this method? Is it enough to protect your structure?

Published on 31 January 2022 (Updated on 13 July 2022)

BCP

Business continuity plan: planning and preparing for a cyberattack

Business Continuity Plan (BCP): what do you need to know? How to prepare for cyberattacks and ensure the resilience of your company?

Published on 6 July 2021 (Updated on 12 July 2022)

ISO 27001

What is ISO 27001 and how does it benefit your cybersecurity strategy?

By enhancing data protection, the ISO 27001 standard contributes to your cybersecurity strategy. What is it? How does it work? What are the benefits?

Published on 29 June 2021 (Updated on 12 July 2022)

FAIR

Company Investissement

Risk is inherent to the enterprise world but difficult to assess and measure

Published on 28 May 2021 (Updated on 21 June 2022)

Risk Quantification

For a lot of industries, Business Continuity (BCP) and Disaster Recovery (DR) is a requirement; however, a lot of the time the programs are minimalistic in nature.

Published on 31 May 2021 (Updated on 17 June 2022)

About Open FAIR Certification

The Open Group FAIR Certification for People program is aimed at meeting the needs of risk analysts and organizations employing risk analysts.

Published on 28 May 2021 (Updated on 17 June 2022)

HAZOP

Is HAZOP applicable to cybersecurity?

The HAZOP method applies to the analysis of cyber risks of the industrial company. A guide to advantages, disadvantages and approaches applied to IT.

Published on 9 December 2021 (Updated on 17 June 2022)

FMEA

Is FMEA suitable for cyber risk analysis?

The FMEA method is qualitative. It is useful in order to draw up a mapping of cyber risks, based on subjective ordinal and nominal scales. Justifying and prioritising corrective actions is far more effective when done through a quantitative analysis.

Published on 1 December 2021 (Updated on 17 June 2022)

TRAINING

Launch of C-Risk training

C-Risk, the European leader in cyber risk quantification using FAIR™ announces the launch of its cyber risk quantification training program.

Published on 28 May 2021 (Updated on 17 June 2022)

Cybersecurity governance

Cybersecurity governance best practices: the complete guide

What is cybersecurity governance? How and why should I implement cybersecurity governance?

Published on 13 April 2022 (Updated on 17 June 2022)

FAIR

FAIR differences

FAIR is an analytical risk model, whereas most information security risk methodologies in use today are Capability Maturity Models (CMM) or checklists.

Published on 28 May 2021 (Updated on 17 June 2022)

RSSI

Challenge budgétaire du RSSI

The current COVID-19 context is putting enormous pressure on companywide budgets including information security.

Published on 28 May 2021 (Updated on 17 June 2022)