
If medicine measured health the way many organizations measure cyber risk, we would call it malpractice.
We would never accept:
     You are a 3 out of 5.
     Your score improved by 5 points.
     Your health is Yellow.
We would ask:
     What is the probability?
     What is the consequence?
     What changes if we intervene?
Yet in cyber risk, we often report colors, maturity scores, and composite numbers and call it analysis.
If your model cannot translate a 5-point reduction into dollars and probability, it is not measuring risk. It is measuring comfort.
In this article, I walk through a simple thought experiment that may change how you think about reporting cyber risk.
Before your next risk readout, this is worth five minutes.
#CyberRisk #RiskManagement #CyberSecurity #RiskQuantification #BoardReporting
#womeninrisk #CISO #FAIR #ERM #Wicys
