To ensure a data-driven program, Jorge Orchilles, Chief Technology Officer at SCYTHE, states that CRQ programs must leverage a “repeatable approach using algorithms.” But what do you do with all of the data? Stephen Ward recommends that organizations “need automation and ingestion of telemetry data that exists across the environment, speed-to-delivery, and connectivity into the ‘so what.’” Security leaders must make investment recommendations, offer new technology opportunities, and implement new policies to properly communicate the risk reduction impact to enable “a decision support capability, not just a piece of paper (or a risk assessment report) that says, ‘we quantified risk.’”
