Getting Started with Risk Quantification

10 November 2021

One of the cornerstones of managing the unknown is defining it and measuring it. Anything that could cause harm to an organization needs to be tracked and managed. As more and more transactions occur entirely on digital platforms or are at least facilitated digitally, the ability of cybersecurity issues to trigger a breakdown in the delivery of products and services is a top concern of executives and boards. Cyber risk quantification (CRQ; sometimes called cyber risk economics) has been a solution to which many have turned in order to better understand their specific cyber risk exposure and to rationalize their options to manage it. This roundtable discussion lead by ISACA's Paul Phillips provides an overview of what exactly cyber risk quantification is and some of the important foundational elements of cyber risk measurement methodologies. Paul talks to Jack Jones (Chief Risk Scientist, RiskLens and Chairman, FAIR Institute), Tony Martin-Vegue (Senior Security Risk Engineer, Netflix), and Evan Wheeler (Vice President of Risk Management, NDVR)