Overview
Explore the fundamentals of measuring cyber risk using Open FAIR in this conference talk from Louisville Infosec 2017. Delve into cybersecurity leadership, executive-level information, and quality quantitative data for informed decision-making. Learn about risk analysis models, comparing qualitative and quantitative approaches, and understand key concepts like frequency vs. probability and threat event frequency. Examine a case study, explore the Open FAIR ontology, and gain insights into histogram analysis. Discover practical tips for implementing Open FAIR, including scenario-based analysis and navigating high-trust vs. low-trust environments. Gain valuable knowledge to enhance your organization's cyber risk assessment capabilities.
Syllabus
Intro
Introductions
Disclaimer
Audience
Survey Results
Cybersecurity Leadership
Executive Level Information
Quality Quantitative Information
Progress
Decision Makers
Risk disclaimer
Risk analysis model
Qualitative analysis
Quantitative analysis
Open FAIR
Jack Jones
Frequency vs Probability
Threat Event Frequency
Forms of Loss
Case Study
Ontology
Histogram
Wrap Up
Open FAIR Training
Don't boil the ocean
The heavy lifting
High trust vs low trust
Scenario-based analysis