Measuring Information Security Risk

Presentation Transcript

  1. Measuring Information Security Risk • Metricon 1 • 1 August 2006 • Bob Blakley • blakley@burtongroup.com

  2. Measurements are not Metrics • Metrics are a system of parameters or ways of quantitative and periodic assessment of a process that is to be measured, along with the procedures to carry out such measurement and the procedures for the interpretation of the assessment in the light of previous or comparable assessments. • - Wikipedia

  3. Measuring Risk
     • High impact, common: estimate probability and consequence; Mitigate
     • High impact, uncommon: estimate log(probability) and consequence; Mitigate & Recover
     • High impact, rare: estimate worst-case consequence; Recover
     • Low impact, common: estimate probability and consequence; Mitigate
     • Low impact, uncommon: ignore
     • Low impact, rare: ignore

  4. If you can’t measure one thing, you might be able to measure two

  5. Risk Correlates: Vital Signs • It’s hard to make you sick without changing your pulse, temperature, or blood pressure.

  6. Differential Diagnosis