Douglas Hubbard, the renowned authority on quantitative analysis, has joined RiskLens as Technical Advisor. Hubbard’s books, How to Measure Anything, How to Measure Anything in Cybersecurity Risk and others, have inspired many in the risk quantification movement.
Jack Jones, creator of Factor Analysis of Information Risk (FAIR™), the standard that drives the RiskLens platform, wrote in his book, Measuring and Managing Information Risk, that Hubbard’s insights “continue to stoke my internal flame for trying to get this right.”
Hubbard researched several of the techniques adapted for FAIR practice, such as Monte Carlo simulation and calibrated estimation, and is well known for this guiding principle: You need less data than you think, and you have more data than you think.
Bryan Smith, RiskLens Senior Director of Technology Research, said Hubbard is “well known in our industry as an expert in mathematical simulations applied to decision science and we will leverage his expertise to stretch our data analytics capabilities. We’re working with him on advising around our models and analytics, and as a sounding board for his opinion on improvements.”
Hubbard explained his decision to take on the advisory role for RiskLens:
“Question: What is your biggest cybersecurity risk? Answer: How you measure cybersecurity risk.”
“Widely used risk assessment methods offer only a kind of ‘analysis placebo effect.’ Some popular cybersecurity risk assessment approaches are based on non-quantitative or pseudo-quantitative methods which repeated research has shown not only doesn't improve decisions, but even makes decisions worse.
“Fortunately, RiskLens uses tools that show evidence of actually improving estimates. Monte Carlo simulations based on calibrated estimates and empirical data come together in the RiskLens platform so that decision makers can see how much cybersecurity risk they have and how to prioritize risk mitigations. Not only does it work, but it speaks the language of upper management by illustrating cybersecurity risk in terms of real dollars.”
For more on Douglas Hubbard, see his consultancy Hubbard Decision Support, and watch the videos of his talks at FAIR Institute’s annual FAIR Conference:
FAIRCON2019 Video: Douglas Hubbard on Overcoming the Myths of Cyber Risk Measurement
FAIRCON2020 Video: Douglas Hubbard on Optimizing Your Risk Analysis Team