Posts
Analysis
- ¾ of Century of Cybersecurity Solitude
- Application Security and "Typical" Fix Times
- Application Security and Burstiness
- Back to the TVaR
- Bridging 18y Studying Cyber Risk in Supply Chains
- Call for Sponsors: Meta-Study on ATT&CK techniques
- Cisco Security Outcomes Study Methodology Post II: The Rise of Item Response Theory
- Cisco Security Outcomes Study methodology post! Attention Stats Nerds!
- Communicating Risk: Loss Exceedance Curves
- Don't fear the smoother
- EPSS version 2 is out!
- Finally - A Properly Sampled Security Survey
- Finding (san)Key Protections Against Ransomware
- Gain Confidence with Confidence Intervals
- I Once Called Vuln Researchers NVPs; Are They MVPs Instead?
- IRIS Tsunami - Lessons from 50 of the largest multi-party cyber incidents
- Looking Back on 2021
- Measuring Ransomware, Part 1: Payment Rate
- Measuring Ransomware, Part 2: Ransom Demands
- Measuring Ransomware, Part 3: Prevalence
- Patching Is *Much* Slower Without Vendor Support
- Paying Ransoms & Information Asymmetry
- Probability of Zero-Day Co-Discovery at Scale
- Revisiting GitHub as a Source for Exploits
- Revisiting the Ripple Effect in Breaches - What's Making Waves in 2021?
- Salving Human Risk in Cybersecurity
- Supply Chain Multiplicity: Not as sharp as the original
- Survival in Application Security
- Ternary plots for visualizing (some types of) 3D data
- Visualizing the Value of Attack Path Choke Points for Prioritization
- What Matters More in Software Security - Nature or Nurture?
- Who Has the Advantage - Attackers or Defenders?
News
- And we’re live!
- Call for Participation: 2018 Cyber Balance Sheet
- Cyentia Podcast
- Cyentia Starting a Study and Seeking SOCs
- EPSS version 2 is out!
- GitHub: A Source for Exploits
- Help Save the Cybersecurity Research Library!
- Introducing Cyentia's new data scientist
- Introducing the Cyentia Library
- IRIS 20/20 Webinar - Audience Questions
- IRIS 20/20 Xtreme Webinar - Audience Questions
- Re-introducing the Cyentia Research Library
- Seeking Sponsor for Study on Extreme Cyber Loss Events
Press Releases
- Cyentia Institute Publishes Groundbreaking Research on the Frequency and Cost of Breaches
- Cyentia Institute Publishes IRIS Tsunami: Lessons from 50 of the largest multi-party cyber incidents
- Cyentia Institute Publishes IRIS Xtreme on the 100 Largest Cyber Loss Events
- New Research: Balancing Third-Party Risk
- New Research: Mitigating Ransomware's Impact
- New Research: Navigating the Paths of Risk - The State of Exposure Management in 2023
- New Research: Reining in Ransomware
- New Research: Road to SecOps Maturity
- New Research: Striking Security Gold
- New Research: Voice of the Analyst Study
- New Webinar: Elevate Security and Cyentia Institute Release Third Annual Research Study on User Risk
Report
- Application Security and "Typical" Fix Times
- Application Security and Burstiness
- Bridging 18y Studying Cyber Risk in Supply Chains
- Finding (san)Key Protections Against Ransomware
- I Once Called Vuln Researchers NVPs; Are They MVPs Instead?
- Internet Risk Surface in the Financial Sector
- IRIS 20/20 Webinar - Audience Questions
- IRIS 20/20 Xtreme Webinar - Audience Questions
- IRIS Tsunami - Lessons from 50 of the largest multi-party cyber incidents
- New Research: Balancing Third-Party Risk
- Paying Ransoms & Information Asymmetry
- Prioritization to Prediction, Vol 3: Wade’s Take
- Salving Human Risk in Cybersecurity
- Visualizing the Value of Attack Path Choke Points for Prioritization
- What Matters More in Software Security - Nature or Nurture?
- Who Has the Advantage - Attackers or Defenders?
© Copyright 2023 Cyentia Institute