As a risk or security leader, do you ever get the feeling you are not getting an accurate representation of the facts when you poll organizational stakeholders on cyber security risks? We recently had a conversation with a CISO who was a bit shocked to find out how many of their business units reported being in near 100% compliance with a well-known cyber security framework when the C-level executive knew for a fact that was not the case.

So, why do people often provide “alternate facts” when responding to cyber security risk assessments? Mark Fulford, Shareholder in the Risk Services division at LBMC and co-founder of BALLAST, shares his insights on common pitfalls in setting organizational tone for risk assessments in his guide: 5 Reasons Your Risk Assessment Results May Be “Alternate Facts.” Take the first step to achieving more accurate results from the risk assessment process by completing the form below to download your free guide today!

Mark Fulford

Mark Fulford, CISSP, CISA, ABCP, CRISC, is a Shareholder in the risk services division of LBMC, PC. With nearly 25 years of experience in information security audit and compliance, Mark understands how to translate technical jargon into actionable intelligence. With significant experience in healthcare, his expertise includes assisting companies with Sarbanes-Oxley, HIPAA, PCI, and HITRUST compliance, as well as providing assurance to clients and their stakeholders through SOC 1 and 2 reporting engagements. More recently, his focus has been on helping organizations identify and manage information security risks through both guided and automated risk assessment techniques.