You just received an updated security attestation from your third-party provider, but the hair on your arms stands straight up when news of the latest hack appears on your screen. Your vendors may talk the talk, but you anxiously wonder if they're walking the walk. Checklist compliance is not good enough. It's time to confront your risk reality. In part one of this two-part blog series, we look at risk measurement.