Organising a cyber crisis exercise is not an easy task. From the preparation to the D-Day, a lot of unforeseen events can occur and the preparation teams need to remain a step ahead of the players. This article will break down the steps to a successful cyber crisis exercise…
Create a relationship of trust with the executive committee: step 2, solidify the organisation's posture and explain the lines of action Creating a relationship of trust with the executive committee is a long-term action. After a first step that often involves raising awareness and putting the cyber risk into perspective…
Security organisation are facing more and more employees leaving. There is an urgent need to rebuild a more readable operational model with a trend in pooling and eliminating redundancies. This article will present an attempt at explaining this situation and…
[nota bene: this article has been translated to English for accessibility reasons. It does not address UK or US regulations, but only French ones regarding Security Accreditation (“homologation” in French). It is nonetheless useful for any organization wanting to implement…
Since the last edition of the radar, the world has been hit hard by an unprecedented viral pandemic. This has piled on the pressure to fast track digital transformations set in a context of increasingly active cybercriminals and an ever-growing threat. Against…
If we have seen in a previous article the predominance of FAIR in the world of quantification[1], another article published here in early June[2] (detailing the FAIR method in its second part) emphasizes the care to be taken in the…
A few months ago, François LUCQUET and Anaïs ETIENNE told us of the growing interest in quantifying cyber risks[1], but also warned us against going to the path of quantification without prior reflection. Their analysis, which is still relevant, emphasized…
More and more clients request our help regarding their third-party cyber risk management strategy. Indeed, third parties constitute a privileged attack vector. A recent study from Soha Systems showed that 60% of security incidents involve directly or indirectly a supplier.…
Citalid is a French tech startup founded in 2017 that provides CISOs and Risk Managers with a software for quantifying and managing cyber risk. Citalid's highly innovative technology enables its clients to benefit from simulations, metrics and recommendations that are…
As of now, it is interesting to note that it is the real attacks themselves that most easily allow us to quantify the cyber risks, and this by estimating the costs involved. It is estimated that NotPetya, the famous 1-billion-dollar…
