Cyber Risk Quantification enables much better risk-based decision making than qualitative risk analysis.
Jack Jones, FAIR Institute:
“We exist as a profession to help our organizations manage the frequency and magnitude of loss event scenarios. Today’s common risk measurement practices do not support that objective” – specifically use of control frameworks like NIST CSF or maturity models like C2M2 as stand-ins for true risk measurement.
Done right, cyber risk analysis should deliver results that enable prioritization of cybersecurity projects based on cost-benefit analysis, as well as communicating risk in the business terms that the organization understands, Jack said. He outlined three requirements to hit that level.
TrustMatters assists in making the cultural shift to Cyber Risk Quantification.
Feel free to request more information.