Expert intelligence + effective automation
Years ago, we faced something odd in a project: a customer was putting pressure on us while performing a One-Shot Hacking. The manager who hired us demanded preliminary results and made comments about how we should frame some of the findings, what to keep, and what to remove from the …
What is the best risk indicator? Bottom line: there is no "best", only different approaches to the same thing. Ultimately, it’s up to you. Here we will show the pros and cons of each so you can make an informed decision (about that which will guide your informed decisions …
Usually, changing our beliefs is seen as a negative thing. But when those beliefs represent our state of uncertainty regarding a particular cybersecurity risk, you’d better use all the tools at hand to reduce that uncertainty, i.e., measuring. Why do we speak of "belief" and not "probability" here …
In our previous article, we merely scratched the surface of the problem that quantifying risks poses, barely touching on concepts such as calibrated estimation, confidence intervals and specifying the measuring object. Now that (if?) we are convinced that: Cybersecurity risk can and should be measured in...
One of the least understood parts of a vulnerability is the risk it poses to the target. On the client side, it tends to get confused with impact and occurrence likelihood, due to devices like the so-called “risk matrix”, which are supposed to help us better understand risks: Figure 1 …
The main problem encountered by an organization when they need to perform an Ethical Hacking is to establish the boundaries of the hacking. Delimiting the scope of an Ethical Hacking by time is a common mistake since it is not possible to know when the hacking, that is measured solely …
