Measure
Technical guidance on how data can be better used to measure success, progression and ROI.
Why we need new and better human cyber risk metrics
To make a difference as a security professional today, you need board support. You need resources. You need directors to trust and back you. You need organisational leaders to promote security. So whenever you have the board’s attention – or the attention of those who...
You are almost certainly miscalculating your cyber risk
Unconvinced? Here’s a demonstration. Although it might not seem like it, people’s actions following 9/11 demonstrate just how likely it is you’re miscalculating your cyber risk. Following the terrorist attacks of 9/11, people began to change their travel...
Some simulated attacks help reduce cyber risk. Others are redundant. What’s the difference?
Here’s an interesting conundrum for cyber security professionals. Some simulated attacks reduce human cyber risk. Others, however, have no effect on risk – and may even have a negative impact. Even more perplexing: an identical course of simulated...
Measuring The Effectiveness of Security Awareness Training
Online security awareness training is now the most popular form of security awareness training in the world. As we noted here, that’s good news when it comes to measuring the effectiveness of security awareness training. Offline, things aren’t so easy to track....
Calculating your true phishing vulnerability
Phishing vulnerability assessments and phishing susceptibility rates rarely tell the full story. How can companies calculate their true phishing risk? Have you ever wondered whether your reduced phishing susceptibility rate really shows your true phishing...