Published by Olivia Perkins. Modified over 9 years ago.
1
Measuring Information Security Risk
Metricon 1, 1 August 2006
Bob Blakley, blakley@burtongroup.com
2
Measurements are not Metrics
"Metrics are a system of parameters or ways of quantitative and periodic assessment of a process that is to be measured, along with the procedures to carry out such measurement and the procedures for the interpretation of the assessment in the light of previous or comparable assessments." - Wikipedia
3
Measuring Risk
[Risk matrix. Axis labels: common, uncommon, rare; high impact, low impact. Cell entries, in the order they appear on the slide:]
estimate probability and consequence: Mitigate
estimate log(probability) and consequence: Mitigate & Recover
estimate worst-case consequence: Recover
estimate probability and consequence: Mitigate
ignore
4
If you can’t measure one thing, you might be able to measure two
5
Risk Correlates: Vital Signs
It’s hard to make you sick without changing your pulse, temperature, or blood pressure.
6
Differential Diagnosis