Cyber Risk Quantification

Cyber risk quantification involves the application of risk quantification techniques to an organization’s cybersecurity risk. Cyber risk quantification is the process of evaluating the cyber risks that have been identified and then validating, measuring and analyzing the available cyber data using mathematical modeling techniques to accurately represent the organization’s cybersecurity environment in a manner that can be used to make informed cybersecurity infrastructure investment and risk transfer decisions. Cyber risk quantification is a supporting activity to cybersecurity risk management; cybersecurity risk management is a component of enterprise risk management and is especially important in organizations and enterprises that are highly dependent upon their Information Technology (IT) networks and systems for their business operations.

One method of quantifying cyber risk is the Value-at-Risk (VaR) method that is discussed at the January 2015 World Economic Forum meeting (see external reference below). At this meeting, VaR was studied and researched and deemed to be a viable method of quantifying cyber risk.

A metric related to Cyber Risk Quantification that has been identified and cited is "Cyber Risk Reduction Return on Investment" or "CR3OI" as a metric that uses Cyber VaR and is an expression of the return on investment of a single or series of cyber investments. See Cyber Risk Reduction Return on Investment.

Cyber Risk Quantification Tools

Cyber Risk Quantification can be an automated or software supported process that lets the user create a model of the system architecture and then uses the built in mathematical modeling techniques in the software to quantify the cyber security risks.

References

See also

This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.