TL;DR
- Nearly half of security professionals lack access to the data needed to effectively measure and manage risk exposure within their organizations.
- Building a complete inventory of the attack surface is the foundational step for aligning security efforts with risk tolerance frameworks.
- Assigning financial values to assets enables organizations to calculate and communicate risk in monetary terms that resonate with business leadership.
Summary
Ivanti's Field CISO Mike Riemer addresses a critical gap in enterprise security: while most organizations have risk tolerance frameworks in place, many struggle to actually follow them due to data visibility challenges. Drawing on Ivanti research, Riemer reveals that nearly half of security professionals cannot access the data needed to measure and manage risk effectively. He outlines three actionable steps to bridge this gap: building a complete attack surface inventory, assigning financial values to assets for monetary risk calculation, and aligning risk scoring schemas across assessment frameworks. The guidance emphasizes that comprehensive data aggregation is essential for developing realistic metrics that connect security efforts to organizational risk appetite and business objectives. This approach to risk exposure management helps security teams demonstrate alignment between their operational activities and the broader risk tolerance framework their organization has established.
Chapters
0:00 - The Risk Measurement Challenge
0:23 - Steps to Improve Risk Alignment
0:49 - Aggregating Data for Better Metrics
Key Quotes
0:08 "Nearly half say they cannot access the right data to measure and manage risk."
0:12 "This lack of visibility seriously compromises security teams' ability to effectively understand if their efforts are aligning with their organization's risk tolerance framework."
0:34 "Assigning financial values to assets to calculate risk in monetary terms wherever possible."
