As a CISO for a large enterprise, many times my first engagement with members of our internal teams was when they approached my team for assistance with evaluating the security of a vendor they were considering. They worried that if they didn't involve us early enough, they would reach a point where a tool had been selected, but the security team wouldn't sign off on it, resulting in many wasted hours of effort. The challenge on my side was always that oftentimes the team had multiple vendors they were evaluating at that point, and performing these risk assessments was a fairly time-inte

When I first released SimpleRisk as a free and open source risk management tool at the BSides Austin conference back in March of 2013, it was because I created something that was useful to me, in my risk management program, and I thought that it might prove useful to others as well. At the time, the only options that I had were Excel spreadsheets, which didn't scale, or purchasing a bloated and expensive GRC solution. At the time, it was all of three PHP web pages: one to submit your risks, one to view and edit the risk you'd just submitted, and one to show you all of the risks in the sys
