Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Data Breach or Disclosure - A Quantitative Risk Analysis

RSA Conference via YouTube

Overview

Explore a data-driven approach to cyber-risk analysis in this 49-minute RSA Conference talk. Delve into the evolution of risk assessment practices, moving beyond qualitative models to embrace quantitative methodologies. Compare two data-confidentiality scenarios that appear similar on the surface but reveal meaningful differences through quantitative analysis. Learn to debunk myths about the impossibility of applying quantitative analysis to cybersecurity, and gain insights from real-world examples that demonstrate how common risk models can obscure important distinctions between scenarios. Acquire practical tools for analyzing similar use cases in your own environment. The talk covers risk management goals, NIST Risk Matrix, qualitative drawbacks, quantitative assumptions, scenario analysis approach, and practical applications such as estimating the frequency and magnitude of accidental disclosures. Gain valuable knowledge on risk treatment strategies and implementing ongoing reporting methodologies for effective cyber-risk management.

Syllabus

Intro
Risk Management Goals
NIST Risk Matrix
Qualitative Drawbacks
Quantitative Assumptions
Scenario Analysis Approach
Scenario Assumptions
Choosing a Scenario - Accidental Disclosure
What am I worth on the dark web?
1 Estimate the Frequency
2 Estimate the Magnitude
Risk Treatment
Sample On-Going Reporting
Initial Methodology Rollout

Taught by

RSA Conference

Reviews

Start your review of Data Breach or Disclosure - A Quantitative Risk Analysis

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.