#PositiveSecurity


Only 1/3 of UK businesses have ever conducted a cyber risk assessment 😮

Plus we often hear from IT and Security Teams that struggle to know what makes a *good* risk assessment.

This is despite risk being widely regarded as the foundation for any cyber security programme. It features in government guidance, international standards, and wider good practice.

So we're starting a new series on the Cydea blog looking into just that. Plus tips and tricks on how you can up your #cyber #risk game (and maybe sneak in a bit of #CRQ too 🤑)

Check out the link below to the first part where we touch on preparation and (briefly) identifying risk - then make sure you're following Cydea for future updates!

What makes a good risk assessment? >> cydea.com/blog/what-makes-a-go

cydea.com: What makes a good risk assessment? — Cydea. A risk assessment is widely regarded as the foundation for any cyber security programme. It features in government guidance, international standards, and wider good practice.

Hop in the Cydea time machine and take a ride with us as we take a look at how #DORA could have changed history 🕰️

Penny takes a look at the Travelex and Tesco Bank incidents and how #risk management and #resilience testing could have played an important role in preventing and rebounding from those incidents.

Check out her blog post here: cydea.com/blog/dora-changing-h

cydea.com: How DORA could have changed history? — Cydea. Gain an understanding of your DORA compliance by taking our DORA Readiness Quiz. In a few short months, the Digital Operational Resilience Act (DORA) will come into effect for organisations operating in the European financial sector.

Penny's back with the next in our digital operational resilience series, this time looking at the differences between #DORA and #ISO27001.

Complying with a risk-based standard like ISO 27001 gets you a long way there, but there are still areas where you may need to do more.

Check out Penny's blog post for the key differences between DORA vs ISO 27001, and for a link to Cydea's free DORA Readiness Quiz!

👉 cydea.com/blog/dora-difference

cydea.com: How does DORA differ to ISO 27001? — Cydea. Gain an understanding of your DORA compliance by taking our DORA Readiness Quiz. The EU Digital Operational Resilience Act, commonly known as DORA, will come into force in just a few short months, so organisations within scope will have to be prepared before January 2025.

Join us at #RISK, the UK’s premier event for governance, risk, and compliance, in just over a month!

You'll find @cydea at booth 73 (next to the coffee ☕️) discussing ways to improve cyber risk conversations, and showing off our Risk Platform!

Plus, don't miss @rto on 10th October in the Risk Theatre at 12:00: "Quantifying Cyber Risk: Tools and Techniques for Better Decision Making"

You can book your free ticket here: buytickets.at/grcworldforums/1

"Security teams are struggling to conduct accurate risk assessments and communicate the results with business and technology colleagues. They find simple questions like 'what is our risk?' difficult to answer meaningfully."

Check out this interview with Cydea founder Robin Oldham about why we need to change how we understand #cyber #risk

betanews.com/2024/07/31/why-we

BetaNews · Why we need to change how we understand cyber risk [Q&A]. Cybersecurity is a high priority for organizations, yet often they're unsure if they're focusing their effort in the right places, and spending too much or too little on protecting themselves.

What is "likely?" 🤔

This is what #BSides Exeter thought... ignoring the 0% trolls, "likely" means anywhere between ~30% and ~90% to the 50+ people that voted in our poll.

If you're struggling to communicate your #CyberRisk or don't feel like you're being heard, Cydea can help. Turn ambiguous statements into meaningful numbers that can underpin security programmes, investment cases, or show the benefit you're bringing to the business.

cydea.com/platform/

Whew! What a jam packed three days.

Some of our key takeaways from the conference:
AI:
Not quite the ‘AI in cyber show’. A lot of vendors have integrated AI, using marketing terms such as ‘AI-reinforced’, but we didn’t see AI products built from the ground up, apart from in the start-up zone. AI felt like a substitution for ‘automation’ without an insight into the wider benefits.

Zero Trust:
Once a hot topic in the industry, zero trust was noticeable by its absence in strap-line marketing. It is now just on the features list, which indicates it has made its way through the hype phase and is accepted as standard for how things are done now.

Risk:
Risk is still a word you see a lot, but in the context of output from technical tools and/or services. Products around risk assessment and management are still few and far between. The 5x5 risk matrix and RAG statuses continue to dominate product dashboards.

Thank you to everyone who stopped by to chat to us, we hope you enjoyed the Cyber 100 Club with us.

If you missed the conference but want to chat, get in touch either here or by emailing hello@cydea.com

If you’re at #Infosec2024 next week then we'd love to speak with you and offer you a break and chance to recharge.

We would love to catch up with our connections and have the perfect opportunity at the Cyber 100 Club next door.

It’s only a minute’s walk from ExCel, away from the hustle and bustle of the main exhibition, and you can enjoy hot and cold food, and a selection of beverages on us!

Whether you want to talk about your cyber risk programme, or just catch up, we’d love to see you.

Schedule a meeting: docs.google.com/forms/d/e/1FAI

Security Operation Centres (SOCs) are an important source of situational awareness and operational capability for organisations. They need to be built on a foundation of clear mission, skilled people, robust processes, and technology fed with the right data.

We can help you understand if you have the right capabilities, coverage and competencies to match the risk profile of your business. Then our pragmatic, actionable recommendations will help to improve the effectiveness and efficiency of your SOC and improve your return on investment.

Contact us to find out about how we can help you:

Define your detection and response strategy

Examine the business case for in or out-sourcing

Conducting a performance assessment of your existing SOC

Visit cydea.com/services/security-op

Kaluza’s technology empowers some of the biggest energy retailers to better serve millions of customers and help them transition to net-zero.

Michelle spoke at our launch event about why she’s excited for the Cydea Risk Platform and the impact it’ll have on risk management across her organisation.

Get started today to:
📉Tangibly demonstrate how your security efforts directly reduce the risk faced by your business
✍️Identify and make ROI-driven decisions in business proposals
🏢Tie cyber into organisation-wide risk management strategies

youtu.be/JX5s1O3n174

We’ve shared lots of exciting content from our launch of the Cydea Risk Platform.

But why should you sign up and close the loop on cyber risk?

Simply:
Track and manage your risk.
Improve cyber risk conversations.
Comply with frameworks.
Learn from security incidents.

Head to the comments to get started today!

There are some big, well documented problems with 5x5 risk matrices (or ‘PIGs’ as we like to call them!🐖) We think they hinder, rather than help, communication.

Cydea Risk Platform helps achieve better security outcomes, such as improved communication between security, technology and business teams.

That’s why, when you open an assessment, you see an easy to understand ‘loss exceedance curve’. It shows you the aggregate risk of all your scenarios in your assessment. Clear, easy-to-digest visuals of your overall risk posture, and how it relates to your risk tolerance.

No more ‘how many ambers make a red’ or trying to mix colours. 🟥+🟨+🟩🟰🟫

If you’ve struggled to get buy-in for cybersecurity investments, or demonstrate the value in your security programme, then cyber risk quantification can help you achieve those goals (and much more!).

Plus you can import your existing risk register to get started in no time at all.

Get started today! cydea.com/platform

Wow! What a night! Thank you to everyone who joined us at Soho Hotel last night to celebrate the launch of Cydea Risk Platform, a software-as-a-service solution that:

⏱️ radically accelerates cyber risk and compliance programmes,

💰 quantifies and models risk in monetary terms, and

🤝 improves communication and decision making between business, IT and security teams.

We can’t wait for you to get your hands on the platform, and start closing the loop on cyber risk. Check out cydea.com/platform/ to find out more and get started, or send us a message to arrange a time to find out more!

The NCSC’s Cyber Assessment Framework (CAF) is an initiative aimed at helping organisations running essential services and critical infrastructure achieve an appropriate level of cyber resilience.

We believe in the principles of CAF and view the assessment as a great framework to help build cyber reliance in your organisation, however we also appreciate the level of detail required (in addition to BAU) means that sometimes you need a partner to share the load.

Why not make that partner us? cydea.com/services/ncsc-caf-cy

"Cyber security is a vital element for every business, but it's particularly important for our portfolio companies because the businesses we invest in are fast growing, constantly evolving... It was really important to us that this was a true partnership and we found someone that we could work with and work alongside, as opposed to outsourcing."

We work in partnership with clients, like Inflexion and their portfolio companies, to understand and improve cyber security postures and protect their growth.

youtu.be/VwKwB3HM-uM