Ivan Milenkovich, VP of cyber threat expertise in EMEA at Qualys, said information from the CMC has the potential to let IT security professionals make better risk assessments, but only provided it is used correctly.
“By introducing a standardised cyber occasion categorisation system, the CMC is addressing an important hole: the dearth of constant, large-scale information to assist cyber threat quantification (CRQ),” Milenkovich said. “This implies safety groups will lastly have entry to dependable, aggregated info that may inform threat assessments, risk modelling, and decision-making.”
By introducing standardised cyber event categorisation, the CMC is laying the foundation for a more structured and measurable approach to cyber risk. However, cyber risk professionals will still need to combine the CMC’s risk assessments with their own internal data to factor in their organisation’s specific industry, infrastructure, and threat profile, according to Milenkovich.