The ACME Corporation

It just seems that either no one is measuring realized risk exposure numbers for their firms, or mum's the word on their findings. The information that I collect is strongly covered by Non-Disclosure Agreements. To help with this, I want to start publishing de-identified statistical abstracts.

I included some of these statistical abstracts in the financial section of a paper published by ANSI. I am a coauthor of "The Financial Impact of Breach Health Information, A Business Case for Enhanced ePHI Protection" (http://webstore.ansi.org/). There are more, yet wrapping one's head around measured risk in this area takes time.

Still, there is a substantial financial costing approach as well as a selection of known failure paths that could be estimated. I want it to be an incremental step toward a better answer to the following question. How does anyone justify Information Security Risk Exposure without any notion of what a data flow is worth and what a misrouted data flow might cost? In medical terms, "When can spending $10,000 on InfoSec be better for patients than buying a new heart monitor?"

 

 

 

 


Comments

  • How does anyone justify Information Security Risk Exposure without any notion of what a data flow is worth and what a misrouted data flow might cost? In medical terms, "When can spending $10,000 on InfoSec be better for patients than buying a new heart monitor?"

    You could probably start by researching the penalties an institution is exposed to under HIPAA for improperly securing their data and networks. This is way out of my area of expertise but the law is relatively static, not covered by NDA, and there are prior rulings to dig through. You could also examine civil liabilities.
