Reporting on Risk to the Board - A CISO's Approach


Download In this article, we'll take a look at why the reporting on vulns closed--rather than taking a more strategic view of risk approach fails--and how it may be possible to swap out the "numbers game" with a more comprehensive view of risk. Ed explains conceptually how you can do that. Of course, he'll also talk about how Kenna can help, but his intention is to help inform your approach even if you have no interest in Kenna.

In many organizations, reporting on risk is actually all about volume: "We closed this many vulns last quarter, and last month, and this month/" Sometimes, the extra step has been taken of assigning CVSS or scanner scores to each vulnerability, with the hopes of demonstrating that the closed vulns represent a particular level of criticality.

0 Comment

Leave a Reply

Captcha image