Welcome to the CXOWARE blog. We hope you’ll join us for lively and good-natured discussion about risk and risk issues! We’re risk geeks, plain and simple. We’re big advocates of the Factor Analysis of Information Risk (FAIR) framework for quantifying risk.

World Economic Forum calls for Quantification of Cyber Threats

By: Steve Tabacek

The World Economic Forum released a paper last week called "Partnering for Cyber Resilience: Towards the Quantification of Cyber Threats". The paper can be read here on the WEF's site. From the paper:

Managing cyber risks requires a framework for segmenting and quantifying shared risk factors. Among the dimensions of an effective cyber risk model is quantification of assets, knowing the attacker profile and knowing the potential vulnerabilities of a company. Successful cyber risk includes organizational leadership, cyber life-cycle process management, and solution life-cycle implementation management.

An article on the Privacy & Security Law Blog covers the World Economic Forum's paper and describes the general requirements for building a common framework for quantifying cybersecurity risk in economic terms. Twice in this article they incorrectly noted that an established model and/or technology does not exist. CXOWARE will be working with the contributing authors to inform them that an established model does exist. It's called FAIR, outlined in Gartner report G00256964 and identified as the only risk methodology that quantifies cybersecurity risk into dollars & cents. You don't need to spend millions building an application. RiskCalibrator is built on FAIR!

About The Author

Steve Tabacek
Steve Tabacek is the cofounder and President of RiskLens.