Episode 65: Making Cyber Risk Analysis Practical with QRA
In episode 65 of Cybersecurity Where You Are, co-host Sean Atkinson is joined by Christopher Painter, Board Member of the Center for Internet Security (CIS) and President of the Global Forum on Cyber Expertise Foundation. Together, they discuss cybersecurity risk management. They begin by discussing how cyber risk analysis fits into a business risk management program in general. From there, they explore quantitative risk analysis (QRA), including its benefits for understanding cyber risk and the challenges of getting started. Their conversation then gets into how the CIS Board of Directors, specifically the Risk Committee, is using different methods of QRA to achieve CIS's business goals and objectives.
Resources
- Follow Christopher on LinkedIn.
- Quantitative Risk Analysis: Its Importance and Implications
- FAIR: A Framework for Revolutionizing Your Risk Analysis
- CIS RAM v2.1: A Way to Demonstrate Reasonable Security
- Episode 61: Overcoming Pre-Audit Scaries Through Governance