ThreatWorx Attenu8 – Vulnerability Prioritization aligned with CISA SSVC
Much has been said about vulnerability prioritization by different cybersecurity vendors, but the absence of a standard guide from an authoritative source had left much to be desired. Well that wait of now over, Cybersecurity and Infrastructure Security Agency (CISA) recently published the CISA Stakeholder-Specific Vulnerability Categorization (SSVC) guide. It is basically a customized decision tree […]
Beyond risk-based cybersecurity…
A 2019 article from McKinsey titled “The Risk-based Approach to Cybersecurity” talked about the need for organizations to move from a “maturity-based” to a “risk-based” approach to cybersecurity. First let us get clarity on some definitions from that article here. Cyber risk is just another kind of operational risk and cyber risk is not the same as cyber threat. […]