Knowledge Content Library
Measuring the value of cybersecurity controls
Jack Jones, Adjunct Professor, Carnegie Mellon University
Abstract: The cybersecurity landscape is profoundly complex and dynamic, and its mismanagement has increasingly dire consequences as the world becomes more digitally dependent. Unfortunately, the cybersecurity profession is still relatively young, and many of its practices more closely resemble shamanism than science. In this webinar, Jack will discuss the two measurement models he created that lay the groundwork for significant advancements in risk management. One of these models — Factor Analysis of Information Risk (FAIR) — is becoming a widely adopted industry standard for measuring cybersecurity and operational risk. The second model — the FAIR Controls Analytics Model (FAIR-CAMTM) — was just published at this year’s FAIR Conference. FAIR-CAMTM introduces the concept of "Controls Physiology” and is the first model to enable empirical measurement of risk management control efficacy and value.
Click on the file below to hear a sample of the presentation.
Click here for access to the full video.
SDP membership is required for access to this webinar.
Keywords: analysis and modeling anamod, risk and uncertainty riskunc, enterprise risk, strategy analysis, strategic risk, risk analysis riskanal, mitigation