Skip to main content

What's new with the SimpleRisk 20210625-001, 20210630-001 and 20210713-001 releases?

What's new with the SimpleRisk 20210305-001 release?

OWASP Risk Rating Methodology

The OWASP Risk Rating Methodology and SimpleRisk

Over the years, we've received a number of inquiries about the OWASP Risk Rating Methdology with some contention around how we have integrated it into SimpleRisk. Some have questioned how SimpleRisk reaches its final risk score while others have pointed to differences in the Skill Level values. Let's delve into this...

Two Plus Two Equals Five

Normalizing Risk Scoring Across Different Methodologies

If the "textbook" definition of risk scoring is Risk = Likelihood x Impact, then a Severe (5) impact and an Almost Certain (5) likelihood should have a score of 25, right?  The answer isn't quite so simple...

What's new with the SimpleRisk 20210121-001 release?

What's new with the SimpleRisk 20201123-001 release?

What's new with the SimpleRisk 20201106-001 release?

NIST Cybersecurity Framework

Simplifying the NIST Cybersecurity Framework with SimpleRisk

Learn how to use SimpleRisk's Import-Export and Risk Assessment Extras in order to efficiently use the NIST Cybersecurity Framework's controls to assess your organization's risks and perform a control gap analysis.

img

The SimpleRisk 20180104-001 Release and The Future Direction of SimpleRisk

img

The SimpleRisk 20180301-001 Release and the Risk Assessment Extra

img

What's new with the SimpleRisk 20190630-001 release?

img

What's new with the SimpleRisk 20190930-001 release?

img

What's new with the SimpleRisk 20191130-001 release?

img

What's new with the SimpleRisk 20200328-001 and 20200401-001 releases?

img

What's new with the SimpleRisk 20200711-001 release?

img

What's new with the SimpleRisk 20201005-001 release?

SimpleRisk Stands Against Hate

SimpleRisk Stands Against Hate

At the end of June 2020, a civil rights coalition, which includes the Anti-Defamation League (ADL) and the NAACP, launched the #StopHateforProfit campaign.  This campaign calls upon major corporations to put a pause on Facebook advertisements, citing the company's...

Risk Management for Dummies

Risk Management for Dummies

Today I had a really interesting conversation with a guy from Japan via LinkedIn.  It started with him trying to sell me...

The Security of Open Source vs Closed Source Software

The Security of Open Source vs Closed Source Software

When I first released SimpleRisk as a free tool back in March of 2013, I decided to license it under the open source ...

SimpleRisk's Plan for COVID-19

SimpleRisk's Plan for COVID-19

I've been avoiding sending out an e-mail about this since I know you all have already been inundated by e-mails ...

SimpleRisk On-Premise

SimpleRisk On-Premise or Hosted - Which Deployment Model is Right for You?

As the Information Security Program Owner at National Instruments, I spent years contemplating the answer to a ...

new features

What features do you want to see added to SimpleRisk?

Back in 2013, when I first started working on SimpleRisk in my spare time on nights and weekends, I started using a ...

img

SimpleRisk Now Offering Complimentary Risk Management Program Consulting to Customers

As the Information Security Program Owner at National Instruments, a $1.4B global enterprise, I've spent the past ...

img

SimpleRisk Founder Josh Sokol Featured on Dialed In With Kyle Burt

Last week I was invited to participate in Kyle Burt's live podcast featuring leaders in tech and business called ...

img

There is Nothing Simple About FAIR

Currently, SimpleRisk supports six different risk scoring methods.  We have Classic Risk, which is the likelihood ...

img

How to Perform Risk Assessments (with SimpleRisk)

This is just a short (1 minute) animated video explaining some of the capabilities around performing internal and ...

img

How to Manage the Evolving Risk of Bluekeep (with SimpleRisk)

Unless you've been hiding under a rock for the past three weeks, you're probably familiar with CVE-2019-0708, also ...

img

Assessing Vendor Security Risks (with SimpleRisk)

As a CISO for a large enterprise, many times my first engagement with members of our internal teams was when ...

img

Quickly Customize Your Risk Management Program (using SimpleRisk.com)

When I first released SimpleRisk as a free and open source risk management tool at the BSides Austin conference...

img

How to Use Standards to Assess Your Organization's Cybersecurity Maturity (by SimpleRisk)

On March 29, 2019, Alex Polimeni and I presented at the BSides Austin conference on some of the work we've ...

img

GRC is Dead, Long Live GRC!

Recently, a friend sent me a blog post by John A. Wheeler of Gartner entitled "What Ever Happened to GRC?".  In ...

img

Should Vulnerabilities and Risks be Managed in the Same Place?

While the distinctions between vulnerabilities versus risks has been widely documented in various forums, we ...

img

Pricing Integrity and Why We Won't Play the Pricing Games

Before starting SimpleRisk, I sat in the CISO chair, on the other side of the negotiating table.  I learned the tricks ...

img

How Does an Asset's Value Affect Your Risk?

Any CISSP will tell you that the way to calculate risk is by taking the likelihood and multiplying it by the impact...

img

The Origin of SimpleRisk - A Founder's Story

Every comic book superhero has a story behind them describing how they overcame some form of adversity in ...

KEEP UP WITH THE LATEST
PRODUCT ANNOUNCEMENTS
AND BLOG POSTS

FOLLOW US

CONTACT US