This is a Cyber Risk Quantification (CRQ) practitioner series.
A recent poll of security leaders found that 70% of organizations are getting started or evaluating cyber risk quantification (CRQ). However, CRQ initiatives fail or move sideways because they do not provide concrete results that enable CISOs to communicate risk outcomes meaningfully to the board and senior leaders.
Join real-world practitioners Sid Wahi and Mary Laura Samples, who have implemented CRQ at Big 4s and several other organizations. They will share their experiences and insights to help you learn best practices and challenges before you start CRQ implementation to ensure you have insights on what to look for in CRQ tools.
What will you learn:
- How should you set up your data – data sources, cleaning the data
- What assumptions do you set – related to threats, controls, scenarios
- What methodologies and approaches should you use for quantification
- How do you communicate the result in a defensible, inspectable, and actionable way