- SVCI Editorial Staff
2023 #CISOPredicts: Mandy Andress, CISO at Elastic
Members of Silicon Valley CISO Investments (SVCI) offer their take on the challenges and trends that will shape 2023.
As Chief Information Security Officers (CISOs) across industries including tech, insurance, and retail, we have the benefit of sharing (and comparing) our perspectives on a variety of hot-button issues. As members of Silicon Valley CISO Investments (SVCI), we also get a front seat to the most recent cybersecurity innovations by advising and investing in the next generation of startups—and using our decades of expertise to help them thrive.
From where we sit in the C-suite, here’s our take on the trends and challenges that will shape 2023:
Mandy Andress Chief Information Security Officer, Elastic
Risk quantification will finally go mainstream
The state of the global economy is the leading conversation topic in most organizations. The impact for many security teams will be flat or decreasing budgets. Yet, as many of my peers share here, the demands just continue to increase. How do we know where to focus our limited resources? Risk management, of course!
Risk quantification has been a focus of financial services for years. NIST has mentioned it as a method to use to help manage risk with their Cyber Security Framework. We have seen other leading organizations adopt this approach, and I predict 2023 will drive expansion much broader.
Risk quantification helps provide a business-ready view of your risks in financial terms, which resonates with executives and can help communicate the potential business impact of your risks more than a traditional qualitative approach. Factor Analysis of Information Risk (FAIR) is one of the leading models.
Understanding the probable financial impact of your risks (and the impact that potential mitigation activities could have in addressing that risk) allows you to focus your resources where they will make the most impact.
Should I buy a new tool for this issue?
Do I need more people in this team?
Quantifying risks will help you answer those questions in a more direct, meaningful way that your executive leaders will understand.
Keep following to read additional takes on 2023 by SVCI CISOs!