top of page
The Monaco Risk
Blog
Posts about a new approach to cybersecurity risk management that bridges the gap between security teams who generate technical metrics and business leaders who manage risks in financial terms.
Bill Frank
Feb 212 min read
The Cybersecurity Metric for Business Leaders
Traditional control metrics do not resonate with business leaders because they are not tied to cyber-related business risks. Co...
Bill Frank
Feb 28, 20248 min read
Cyber Risk Quantification Models: FAIR™ vs GRAACE™
INTRODUCTION This article picks up where I left off in, Modeling Cybersecurity. In that article I defined modeling, the reason for...
Bill Frank
Feb 15, 20247 min read
Modeling Cybersecurity
Introduction Modeling is a strategic and proactive approach to understanding, managing, and mitigating risks in the ever-evolving...
Bill Frank
Sep 6, 20235 min read
Restructure Your Risk Register for Risk-based Compliance
This is Part 2 of my “Risk-based Compliance” series of articles - how to move security from Compliance-based Risk to Risk-based...
Bill Frank
Jun 21, 20236 min read
Why Move Cybersecurity From Compliance-based Risk to Risk-based Compliance?
Compliance-based Risk Management is often adequate for regulatory and customer trust frameworks but is of little use in managing...
Bill Frank
Feb 28, 20232 min read
Why bother with CRQ?
Cyber Risk Quantification (CRQ) is getting hyped again as the cure-all for cyber risk management. Is it? No, because it’s not needed for...
Bill Frank
Jan 6, 20232 min read
The Cyber Defense Graph™
Monaco Risk's core technology innovation - the Cyber Defense Graph The core innovation of our Monaco Risk's Cyber Control Simulator (CCS)...
Bill Frank
Apr 28, 20226 min read
Cybersecurity Risk Management Transformed
... from a compliance requirement to a decision-support process for prioritizing and justifying control* investments. Link the technical...
Bill Frank
Aug 10, 20214 min read
The Other Ransomware Dilemma
The most discussed dilemma organizations face about a ransomware attack is whether to pay the ransomware or not. The other dilemma is how...
bottom of page