Does anyone have experience with cyber risk quantification tools like Balbix, Safe Security? I run risk management at my company. Is it comprehensive enough for risk identification etc?

Superb, we have Rapid7 and would be looking to move to Tenable One. We use NIST CSF and winging it method today lol. We have a risk register tho

Are you already following any specific risk management frameworks?

Also what are you using for vulnerability management? And ballpark annual spend for that / general info security?

We’re not using any CRQ right now (can’t even get people to identify a critical system) but:

Your existing VM platform may already have this built in or as an add-on. You’ll also want a tool that maps to or integrates the RMF you’re using, at least to get good value. But also they’re not cheap.

We’ve got Tenable and I’d looked at Tenable One for this. Rapid7 may have it buried in their overall tooling but I can’t find anything by name. Our SIEM and XDR tooling (Elastic, Microsoft) also has some of this functionality.

We’re using top-down CRQ tools to quantify value at risk and some risk impact scenarios. The models are based on peer firmographics and historical cyber loss data mostly from insurance. Gives us some good value for board reporting and discussions with cyber insurance providers.
