Quantifying Cyber Risk
Jack Jones
Introduction: The Next Frontier of Risk Management: Cyber Risk
A Proposed Business-Oriented Approach to Cyber
A Practical Approach to Developing a Cybersecurity Programme
Regulations, Compliance and Cyber Risk Management
The Role of Cyber Risk in the Organisation
The Evolution of the Cyber Risk Role within the Three Lines of Defence
Quantifying Cyber Risk
Leadership and Culture: The Foundations of Cyber-Risk Management
Understanding the Cyber Risk Landscape: An Integrated Framework
The Transformation of Information Security: New Threats and Vulnerabilities
Cybersecurity Metrics: The Good, the Bad and the Ugly
Third-Party Risk Management
Cybersecurity’s Neighbourhood Watch: The Strength of Information Sharing
Cyber Risks in Business Continuity Management and Supply Chain Resilience for Financial Institutions
Cybersecurity Threats to the Critical Infrastructure
The True Meaning of Cyber Incident Response
Cyber Risk: Where We Have Been, Where We Are and Where We Are Going
Cost-effective management of any complex problem space requires the ability to prioritise well and choose optimum solutions. Both of these criteria require the ability to perform meaningful, reliable and practical measurement. Unfortunately, the majority of what is described as “risk measurement” in cybersecurity today does not meet two of these requirements – specifically, reliability and meaningfulness. This is true, by the way, for both qualitative and quantitative risk measurements because the immature practices and misconceptions that make risk quantification appear questionable or difficult also affect the reliability of qualitative risk measurements. The good news is that, once these immature practices and misconceptions are overcome, cyber risk quantification becomes much less difficult and more reliable than is commonly believed. As a bonus, qualitative measurements also become more reliable.
In the first part of this chapter we will examine the most damaging of the prevailing immature practices, and discuss their practical reality. Following that, we will lay to rest the most common misconceptions regarding cyber risk quantification. The remainder of the chapter will
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. Printing this content is for the sole use of the Authorised User (named subscriber), as outlined in our terms and conditions - https://www.infopro-insight.com/terms-conditions/insight-subscriptions/
If you would like to purchase additional rights please email info@risk.net