Introduction to the Language of Risk
DESCRIPTION
These are the opening introduction slides from the (ISC)2 2010 Security Leadership Series on Competitive Compliance as well as the Language of Risk.
TRANSCRIPT
The Language of Risk
Translating between Business and
Security
The potential harm that may arise from a future event.
The Value of Risk Management
“More than any other development, the quantification
of risk defines the boundary between modern times and the
rest of history.”
Peter L. Bernstein, Harvard Business Review, Mar.-Apr. 1996, p. 57-51.
Risk Management is Bigger Than Fire
Basic Games of Chance
Renaissance Studies on Probability
The Birth of Insurance
Evolution of Risk Management
Early dice made from sheep bones
Galileo publishes "Sopra le Scoperte" in 1630
Lloyd’s of London circa 1774
Measuring Risk is Hard
We’ve reduced this…
…to this. (ARO)(SLE)=ALE
You Cannot Predict Misfortune
• You do not know what the Average Rate of Occurrence is.
• Your best hope is to pull a plausible average out of the air
Guessing Doesn’t Count
• You do not know the Single Loss Expectancy
• You can only estimate the impact
Communicating Risk Is Harder
Education Is The Missing Piece
Finding a Common Language is Key
What are the risks you face every day?
malicious outsiders?
malicious insiders?
What do you worry about?
More importantly…
What does your business worry about?
How does a business know it is doing well?
Brandon Dunlap
Managing Director of Research
[email protected]: bsdunlap
Brightfly, Inc.
www.brightfly.com
Twitter: brightfly
Questions?