
Measuring Information Security Risk

Measuring Information Security Risk. Metricon 1 1 August 2006 Bob Blakley blakley@burtongroup.com. Measurements are not Metrics.


Presentation Transcript


  1. Measuring Information Security Risk. Metricon 1, 1 August 2006. Bob Blakley, blakley@burtongroup.com

  2. Measurements are not Metrics • Metrics are a system of parameters or ways of quantitative and periodic assessment of a process that is to be measured, along with the procedures to carry out such measurement and the procedures for the interpretation of the assessment in the light of previous or comparable assessments. - Wikipedia

  3. Measuring Risk
     • High impact, common: estimate probability and consequence; Mitigate
     • High impact, uncommon: estimate log(probability) and consequence; Mitigate & Recover
     • High impact, rare: estimate worst-case consequence; Recover
     • Low impact, common: estimate probability and consequence; Mitigate
     • Low impact, uncommon: ignore
     • Low impact, rare: ignore

  4. If you can’t measure one thing, you might be able to measure two

  5. Risk Correlates: Vital Signs • It’s hard to make you sick without changing your pulse, temperature, or blood pressure.

  6. Differential Diagnosis
