Fast & Furious Quantitative Risk Analysis subtitle: Done in 60 seconds
Cyber security risk management professionals have been told by "best practices," standards, certifications, and books that quantitative risk analysis is next to impossible because we don't have sufficient data. What we haven't been told is what quantitative risk analysis actually is and how it works.
In this web session, we will help management decide on a cyber-related concern. We will do a typical qualitative risk analysis using a heat map, then a quick and dirty quantitative risk analysis of the same scenario. We will show that a quantitative risk analysis does not have to be more difficult, nor does it require more data.
Eventually, we will discuss a few points on how to make the analysis even better using the Open FAIR framework without requiring significantly more data or effort.