Information Security Forum Releases "Using Quantitative Techniques in Information Risk Analysis" Report

October 2018 by Information Security Forum

The Information Security Forum (ISF), the trusted source that senior security
professionals and board members turn to for strategic and practical guidance on
information security and risk management, today announced the release of Using
Quantitative Techniques in Information Risk Analysis.

Their latest report helps organizations to extract value from uncertainty by
accurately estimating and calculating their information risk. While qualitative
techniques are still encouraged by the ISF for many organizations, the possibilities
presented in Using Quantitative Techniques in Information Risk Analysis provide an
alternative method which delivers value through the application of rigorous and
testable techniques that enable organizations to accurately measure their exposure
to loss. The report explains three techniques - estimating, calibrating and
reviewing - that are essential for understanding and undertaking quantitative
information risk analysis.

"To direct investment and manage exposure to loss, organizations need to embrace the
unknown - learning how to measure and reduce their uncertainty," said Steve Durbin,
Managing Director of the Information Security Forum. "Quantitative techniques
provide an arsenal of tools that account for uncertainty, with the potential for
accurate measurement of information risk to direct meaningful decision making. These
techniques have been tested through trial and error in numerous industries -
insurance, healthcare, oil and finance - and can be used with the promise of
accumulative value over time."

Risk is inherently uncertain; however, many approaches to information risk analysis
conceal uncertainty through inconsistent terminology and inaccurate models, leaving
organizations unaware of their true risk posture and resigned to directing
investment with scant evidence. Due to cultural precedent and/or regulatory demand,
some organizations may be required to use qualitative terminology to categorize loss
bandings and/or prioritize risks. To report quantitative losses qualitatively,
organizations may use familiar labels, such as low, medium or high, or traffic light
scoring, including green, amber or red, to describe the bandings of loss.

Using Quantitative Techniques in Information Risk Analysis is informed by ISF
research into leading organizations’ efforts to use quantitative techniques in
information risk analysis. The report enables organizations to gain value by:

* Providing techniques that are essential for understanding and undertaking
quantitative information risk analysis
* Demonstrating how quantitative information risk analysis can be conducted to
provide accurate and informative results
* Presenting ways in which the results of quantitative information risk analysis
can be communicated to support decision making

To ensure information risk analysis delivers value, organizations should adopt the
ISF Approach for Using Quantitative Techniques in Information Risk Analysis. The ISF
Approach sets out a scenario-led analysis, which calculates information risk to
provide accurate results and demonstrates how modelling information risk can
communicate results to support decision making, directing effective mitigation and
return on investment for organizations. Scenario-led analysis helps organizations to
adopt a defined vocabulary and quantified metrics that exploit a robust,
mathematical calculation. This approach provides accurate results that direct
effective mitigation and Return on Investment (ROI) for the organization.

"As maturity grows, organizations should seek a new direction, building models that
improve probabilistic outcomes, retain knowledge and reduce error. With repetition,
organizations can develop a model which scales and preserves expert opinion,"
continued Durbin. "Using a model that can be measured enables organizations to
identify where improvement is required and where value is being delivered."

Using Quantitative Techniques in Information Risk Analysis is available now via the
ISF website.

