By (ISC)² CEO David Shearer
(ISC)² and PivotPoint Risk Analytics have signed a business agreement with the goal of empowering chief information security officers (CISOs) to make more effective security business operations and cyber insurance decisions. The solution, called ‘cyber value-at-risk analytics’ (CyVaR™), aims to support CISOs and information security professionals with the information they need to make more strategic business decisions and mitigate risks.
Some may wonder why we’re venturing into this type of relationship as a longstanding vendor-neutral certification body. Our education and certification programs are based on a Common Body of Knowledge (CBK) and will remain vendor-neutral; however, I’m open to fostering relationships with organizations and companies that can provide benefits to our international membership. We’re doubling up our thought leadership efforts in areas where we see potential blind spots within our membership and the industry.
Simply stated, we know we must do more for our members. When it comes to our certified members, we realize that they use tools and programs for their organizations as part of their jobs. As CEO, I believe that I have an obligation to our members to negotiate discounts—where possible—for existing and/or new offerings that we believe can be helpful in advancing their organizations’ cyber, information, software and infrastructure security. This certainly includes tools and services that can better position their organizations’ ongoing cyber insurance requirements. We are open to discussing opportunities for our membership with any organization or company that wants to present how their offerings can add value to our members, their career development and their respective jobs.
This new partnership provides (ISC)² members with a 35 percent discount for the first year of a CyVaR subscription. The benefit provides our members with another way to demonstrate value to their organization, while also making the job of the CISO more efficient.
Information security professionals can sometimes speak a different language than the leadership they answer to, be it a board of directors, CEO or other executives. The business impact of decisions made by the cybersecurity team needs to be quantified, which is the problem that cyber value-at-risk solutions solves. By changing the conversation from a technical discussion about cybersecurity threats to a business discussion about the potential financial impact of cyber risk, members of the C-suite and board can better position their organizations for increasingly sophisticated cyber threats.
“By quantifying the risk to the most critical corporate information assets and associated software and infrastructure, cyber value-at-risk helps CISOs secure the value of their business and bolster their respect in the boardroom,” said Julian Waits, CEO, PivotPoint RA. “We are excited about this collaboration with (ISC)², a recognized organization that is committed to enhancing the security posture of global organizations.”
CyVaR can help determine, for example, how much money an organization could lose to a cyberattack, how investing in security can reduce their risk and what types of cyber insurance would be advisable to transfer financial risks. The CyVaR approach is endorsed by The World Economic Forum’s “Partnering for Cyber Resilience” initiative and is the common risk quantification for its members.
A webinar will be available on July 12 for (ISC)² members and cybersecurity professionals alike to learn more about the partnership, program and what it can mean for them and their organizations. For more information about the CyVaR solution, please visit http://pivotpointra.com/.
[(ISC)² Blog]