Measuring Risks and Controls in Cyber Security

Information and cyber security continue to grow in importance, influence and complexity. Organizations deploy a plethora of tools, services, and applications to scan, monitor, evaluate, and assess information technology components on their premises or in cloud environments, in order to identify security concerns and validate controls. Understanding the outputs of these products, and the insights about overall security that can be drawn from them, can be very difficult. One important use of this output lies in the technical detail it provides, which aids in the remediation or mitigation of identified issues. Another use is to provide the organization’s leadership with an aggregate view of how secure their environment is and how much risk is carried by their technical products and solutions. However, the multitude and variety of security data make it a daunting task to evaluate large amounts of data and derive a clear assessment of consolidated security posture and a quantitative, repeatable way of measuring inherent and residual risk.