Measuring Information Security Risk Metricon 1 1 August 2006 Bob Blakley


1 Measuring Information Security Risk Metricon 1 1 August 2006 Bob Blakley blakley@burtongroup.com

2 Measurements are not Metrics: "Metrics are a system of parameters or ways of quantitative and periodic assessment of a process that is to be measured, along with the procedures to carry out such measurement and the procedures for the interpretation of the assessment in the light of previous or comparable assessments." - Wikipedia

3 Measuring Risk: estimate probability and consequence / Mitigate; estimate log(probability) and consequence / Mitigate & Recover; estimate worst-case consequence / Recover; estimate probability and consequence / Mitigate; ignore. Axes: common, uncommon, rare; high impact, low impact.

4 If you can’t measure one thing, you might be able to measure two

5 Risk Correlates: Vital Signs It’s hard to make you sick without changing your pulse, temperature, or blood pressure.

6 Differential Diagnosis

