Feedback fra vores kunder giver os ny indsigt i, hvordan SARA-rapporten bruges til at skabe et fælles, datadrevet grundlag for it-risikostyring. Det styrker beslutningsprocesser, prioritering af investeringer og dialogen mellem it, forretning og bestyrelse.
A crisis plan is useless without practice. Real resilience comes from training, adapting, and learning from mistakes. As Mike Tyson said, “Everyone has a plan until they get punched in the mouth.” Train for the punch—so you can keep moving forward.
CRQ replaces guesswork with data-driven insights, prioritising risks by financial impact. Early adopters gain the edge. Waiting for perfect data means falling behind, while those who act can strengthen resilience and drive better outcomes.
Earlier this year, the first part of this article was published. It’s a good place to start to learn why you want to understand your company’s attack surface. Websites and online databases tend to over-share – you...
In a previous article, When a robot gives better estimates than a human, Bo Thygesen from ACI describes how we use the LENS model to avoid human bias and have a “robot” estimate probability and loss for hundreds of systems better and faster than a human can do. How...
Almost daily, we hear about how cyber threats and IT risks increase globally across industries. Sadly, the methods and tools used for IT risk management today do not deliver the consistent decision support that organizations need. On March 23rd 2023, we conducted a...
An important step in any IT risk management process is to clearly define the information assets in scope. But what is an information asset really? How can you best describe your important information assets? And why is it so important to spend time on establishing a...
"Loose Lips Sink Ships" stod der på en propagandaplakat fra Anden Verdenskrig. Det var et af budskaberne fra ”United States Office of War Information”, som bød befolkningen at undgå skødesløs snak, der kunne underminere krigsaktiviteter. Denne samme risiko er i dag...
Kommunikation er svær, også når det drejer sig om risiko for cyberangreb. Bestyrelse og direktion har brug for et klart beslutningsgrundlag, men ofte rammes der forbi med kommunikation, der er enten for teknisk eller for overordnet og abstrakt. Begge tilfælde er...
Hvad er fordelene ved kvantitative eller kvalitative risikovurderinger? Hvorfor og hvornår skal man vælge det ene fremfor det andet? Vi bringer her et gæsteindlæg fra Christian Willemoes, pensioneret CIO fra DLR Kredit, der deler sine betragtninger og erfaringer fra...