<img height="1" width="1" style="display:none;" alt="" src="https://dc.ads.linkedin.com/collect/?pid=446209&amp;fmt=gif">

Bill Frank

A guest writer for WEI, Bill Frank has over 24 years of cybersecurity experience. At present, as Chief Client Officer at Monaco Risk Analytics Inc, Mr. Frank is responsible for leading Monaco Risk’s cybersecurity risk management engagements. In addition, he collaborates on the design of Monaco Risk’s cyber risk quantification software used in client engagements.
Find me on :

Posts by Bill Frank

Moneyball for Cybersecurity

By Bill Frank |   Oct 17, 2024

A guest writer of WEI, see Bill Frank’s biography and contact information at the end of this article.

Michael Lewis coined the term, Moneyball, in his eponymous book published in 2003 and made into a movie in 2011 starring Brad Pitt. Moneyball was about applying analytics to baseball. Billy Beane, the Oakland Athletics General Manager, was the first baseball executive to use analytics to increase the probability of winning games.

The Cybersecurity 3-Layer Wedding Cake

By Bill Frank |   May 17, 2024

See Bill Frank’s biography and contact information at the end of this article.

This article is Part Two of my series on managing cyber-related business risks. In Part One, I discussed the relationship between Defensive Controls and Performance Controls. Defensive Controls directly block threats. Performance Controls measure the effectiveness of Defensive Controls and suggest improvements.

Using Performance Controls to Address Cybersecurity’s Achilles Heel

By Bill Frank |   Mar 21, 2024

See Bill Frank’s biography and contact information at the end of this article.

[Note: This is an updated version of the original article posted on March 21, 2024. I replaced the term "Governance” Controls with “Performance” Controls to eliminate any confusion with the NIST Cybersecurity Framework 2.0 use of the term “Governance.”

I focus here on automated controls that monitor and measure the “performance” of “Defensive” controls that directly block threats or at least alert on suspicious activities.

How well are your cybersecurity controls performing? Measuring control efficacy is challenging. In fact, under-configured, misconfigured, and poorly tuned controls, as well as variances in security processes are the Achilles Heels of cybersecurity programs.

A mismatch between risk reduction potential and performance results in undetected threats (false negatives) as well as an excessive number of false positives. This leads to an increase in the likelihood of loss events.

All controls, whether people, processes, or technologies, can be categorized in one of two ways – Defensive or Performance.

About WEI

WEI is an innovative, full service, customer-centric IT solutions provider. We're passionate about solving your technology challenges and we develop custom technology solutions that drive real business outcomes.

Subscribe to WEI's Tech Exchange Blog


Categories

see all
Contact Us