Sign up to save your podcasts
Or
Share Cyber Risk Quantification
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Cyber Risk Quantification
Jeff Edwards, Founding Member and Co-Chair of the SafeHouse Initiative interviews David Finz, First Vice President of Specialty Claims and Adam Rauf, Senior Manager of Cyber Risk both from Alliant Insurance Services. This episode focuses on CRQ (Cyber Risk Quantification) and its importance in helping organizations quantify, reveal and address cyber threats. David discuss the State of the Cyber Market while Adam discuss the benefits and challenges of risk quantification as well as free and premium options available to implement.
Resources discussed:
Frameworks:
-Factor Analysis of Information Risk (FAIR): https://www.fairinstitute.org/
-NIST Privacy Risk Assessment Methodology (PRAM): https://www.nist.gov/itl/applied-cybersecurity/privacy-engineering/collaboration-space/focus-areas/risk-assessment/tools
-Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE): https://resources.sei.cmu.edu/library/asset-view.cfm?assetid=8419
-Control Objectives for Information and related Technology (COBIT): https://www.isaca.org/resources/isaca-journal/issues/2022/volume-2/the-cyberrisk-quantification-journey
-MITRE Threat Assessment & Remediation Analysis (TARA): https://www.mitre.org/news-insights/publication/threat-assessment-and-remediation-analysis-tara
Tools:
(Free)
PyFAIR: https://github.com/Hive-Systems/pyfair
NIST PRAM: https://www.nist.gov/itl/applied-cybersecurity/privacy-engineering/collaboration-space/focus-areas/risk-assessment/tools
(Premium)
RiskLens: https://www.risklens.com/
Axio: https://axio.com/
Archer: https://www.archerirm.com/
Edited and Produced by David Lewis
View all episodes
By The SafeHouse InitiativeJeff Edwards, Founding Member and Co-Chair of the SafeHouse Initiative interviews David Finz, First Vice President of Specialty Claims and Adam Rauf, Senior Manager of Cyber Risk both from Alliant Insurance Services. This episode focuses on CRQ (Cyber Risk Quantification) and its importance in helping organizations quantify, reveal and address cyber threats. David discuss the State of the Cyber Market while Adam discuss the benefits and challenges of risk quantification as well as free and premium options available to implement.
Resources discussed:
Frameworks:
-Factor Analysis of Information Risk (FAIR): https://www.fairinstitute.org/
-NIST Privacy Risk Assessment Methodology (PRAM): https://www.nist.gov/itl/applied-cybersecurity/privacy-engineering/collaboration-space/focus-areas/risk-assessment/tools
-Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE): https://resources.sei.cmu.edu/library/asset-view.cfm?assetid=8419
-Control Objectives for Information and related Technology (COBIT): https://www.isaca.org/resources/isaca-journal/issues/2022/volume-2/the-cyberrisk-quantification-journey
-MITRE Threat Assessment & Remediation Analysis (TARA): https://www.mitre.org/news-insights/publication/threat-assessment-and-remediation-analysis-tara
Tools:
(Free)
PyFAIR: https://github.com/Hive-Systems/pyfair
NIST PRAM: https://www.nist.gov/itl/applied-cybersecurity/privacy-engineering/collaboration-space/focus-areas/risk-assessment/tools
(Premium)
RiskLens: https://www.risklens.com/
Axio: https://axio.com/
Archer: https://www.archerirm.com/
Edited and Produced by David Lewis