Ivan Milenkovich, vice chairman of cyber risk expertise in EMEA at Qualys, said data from the CMC has the potential to allow IT security professionals to make better risk assessments, but only provided it is used correctly.
“By introducing a standardised cyber event categorisation system, the CMC is addressing a critical gap: the lack of consistent, large-scale data to support cyber risk quantification (CRQ),” Milenkovich said. “This means security teams will finally have access to reliable, aggregated data that can inform risk assessments, risk modelling, and decision-making.”
By introducing standardised cyber event categorisation, the CMC is laying the foundation for a more structured and measurable approach to cyber risk. However, cyber risk professionals will still need to integrate the CMC’s risk assessments with their own internal data to factor in their organisation’s specific industry, infrastructure, and risk profile, according to Milenkovich.