Learn about the latest SimpleRisk release, featuring the new user interface, from SimpleRisk Founder and CEO, Josh Sokol.
Learn about the latest SimpleRisk release, featuring the new user interface, from SimpleRisk Founder and CEO, Josh Sokol.
Check out this recap of the webinar, "How to Model Security Maturity in Your Organization," co-hosted by SimpleRisk and GRC 20/20. This webinar helped equip participants with a clear roadmap on how to establish a security maturity baseline within their own organizations, create a desired state of maturity, and identify where gaps exist in order to achieve their objectives.
Learn how to use our Risk Assessment Extra to manage inbound assessments within SimpleRisk. Create a repeatable process without purchasing a separate tool.
How can a relatively new vendor enter a mature market that has a multitude of established players and, with no outside funding, differentiate itself from the competition to make a global impact? Read on to learn how SimpleRisk is doing just that.
SimpleRisk has assessed our risk against the Apache Log4j vulnerability and determined that no customers deployed with our standard deployment instructions, regardless of On-Premise or Hosted environment, should be impacted by this vulnerability.
Today I attended a CISO roundtable where a number of the attendees talked about their GRC platforms that have taken over a year to "connect all the wires" and they're still in the process of implementing. I know why their GRCs are failing them and there is a better way.
Curious about SimpleRisk’s product offerings and available functionality? Read on to learn about our flexible deployment models – from free and open source to fully-featured GRC platform!
This blog details how our approach varies from that of our competitor’s and how we ensure customer success without including professional services in our pricing model.
Explore your options for managing personnel changes in SimpleRisk.
SimpleRisk partners with various MSSP providers to give customers a one-stop "GRC-as-a-Service" offering. Learn more about how this works and whether the SimpleRisk GRCaaS platform may be a good fit for your organization.
Over the years, we've received a number of inquiries about the OWASP Risk Rating Methdology with some contention around how we have integrated it into SimpleRisk. Some have questioned how SimpleRisk reaches its final risk score while others have pointed to differences in the Skill Level values. Let's delve into this...
If the "textbook" definition of risk scoring is Risk = Likelihood x Impact, then a Severe (5) impact and an Almost Certain (5) likelihood should have a score of 25, right? The answer isn't quite so simple...
Learn how to use SimpleRisk's Import-Export and Risk Assessment Extras in order to efficiently use the NIST Cybersecurity Framework's controls to assess your organization's risks and perform a control gap analysis.
At the end of June 2020, a civil rights coalition, which includes the Anti-Defamation League (ADL) and the NAACP, launched the #StopHateforProfit campaign. This campaign calls upon major corporations to put a pause on Facebook advertisements, citing the company's...
Today I had a really interesting conversation with a guy from Japan via LinkedIn. It started with him trying to sell me...
When I first released SimpleRisk as a free tool back in March of 2013, I decided to license it under the open source ...
I've been avoiding sending out an e-mail about this since I know you all have already been inundated by e-mails ...
As the Information Security Program Owner at National Instruments, I spent years contemplating the answer to a ...
Back in 2013, when I first started working on SimpleRisk in my spare time on nights and weekends, I started using a ...
As the Information Security Program Owner at National Instruments, a $1.4B global enterprise, I've spent the past ...
Last week I was invited to participate in Kyle Burt's live podcast featuring leaders in tech and business called ...
Currently, SimpleRisk supports six different risk scoring methods. We have Classic Risk, which is the likelihood ...
This is just a short (1 minute) animated video explaining some of the capabilities around performing internal and ...
Unless you've been hiding under a rock for the past three weeks, you're probably familiar with CVE-2019-0708, also ...
As a CISO for a large enterprise, many times my first engagement with members of our internal teams was when ...
When I first released SimpleRisk as a free and open source risk management tool at the BSides Austin conference...
On March 29, 2019, Alex Polimeni and I presented at the BSides Austin conference on some of the work we've ...
Recently, a friend sent me a blog post by John A. Wheeler of Gartner entitled "What Ever Happened to GRC?". In ...
While the distinctions between vulnerabilities versus risks has been widely documented in various forums, we ...
Before starting SimpleRisk, I sat in the CISO chair, on the other side of the negotiating table. I learned the tricks ...
Any CISSP will tell you that the way to calculate risk is by taking the likelihood and multiplying it by the impact...
Every comic book superhero has a story behind them describing how they overcame some form of adversity in ...