level of assurance

The second biggest trap in information risk management.

A model CISOs can use to measure and report the level of assurance being delivered by their technical security products and controls as part of a robust cyber defense.

CISOs are in the assurance business

As the CISO's job has morphed from gatekeeper (no breaches!) to crisis manager (no outrageous breaches!), the questions boards and C*Os have learned to ask us have become more