What does Cyber Security Information look like?

  • New threats:
  • A Leading indicator of Risk...Threats are all around us, why count them?
    • What haven't we seen before -what we don't know can hurt us
    • Are new threats arriving faster?
    • Is the pattern normal?
  • Security backlog:
  • Identify - Protect - Detect - Respond - Recover...Repeat!
    • A workload measure - how much work is there for my security operations team?
    • Is the "haystack" of events becoming overwhelming?
    • How well is the capacity of my team being utilized?
  • Defense Effectiveness:
  • Bating Wire and Duct Tape...Are we treating the symptom or the cause
    • What are the most persistent threats?
    • Are we mitigating threats and vulnerabilities efficiently?
    • Which controls work and which ones need to be retired?

Economic view of risk in IT Operations:

FAIR Ontology is a good model to use.

Bringing the Model to life by:

  • High Relevance
  • Some Relevance
  • Model Only

If Models are current, good and useful, they should be used for KRIs.

Votes: 0
E-mail me when people leave their comments –

You need to be a member of Global Risk Community to add comments!

Join Global Risk Community

    About Us

    The GlobalRisk Community is a thriving community of risk managers and associated service providers. Our purpose is to foster business, networking and educational explorations among members. Our goal is to be the worlds premier Risk forum and contribute to better understanding of the complex world of risk.

    Business Partners

    For companies wanting to create a greater visibility for their products and services among their prospects in the Risk market: Send your business partnership request by filling in the form here!