Cybersecurity - Swiss Knife for enterprise risk decision-making . Cybersecurity is rapidly moving from techno-wizardry into a core concern for business and government decision-makers. But it’s not their only concern, and they must look at cyber-risk as just one component of a spectrum of risk issues like business opportunity, reputation, safety, etc.

There’s an emerging industry of scoring and assessment tools, security guidelines, verification processes, etc., to complement traditional compliance-oriented Risk Management Frameworks and governance, risk, and compliance (GRC) methods. Newer approaches, which are often driven by supply chain concerns, try to be: rapid and cost-effective to execute, dynamic and continuous in measurement, more concerned with generating a current operational view based on data and observations, and more naturally integrated into existing enterprise risk management processes.

While this transition is complex and “foggy,” it’s a necessary step that could potentially change the economics of cybersecurity from “buy more magic stuff” to “make intelligent decisions about risk.”