Counting on Quantitative Cyber Risk Analytics
Everyone is talking about cybersecurity. Leaders with decades of experience at CEO, CFO and CRO level have seen it advance from a curious subset of IT to a board issue demanding their time and attention. Data security is a strategic concern, and data science is a necessary component to address it.
C-Suite executives have spent recent years sweating their way through reports detailing threats and vulnerabilities, incident response and threat hunting, cloud and endpoint security. Lightbulbs have started going off more recently as these beleaguered executives have made a breakthrough concerning all things security; it is just another form of company risk.
Now it is the security teams and service providers who are scrambling to adapt their outlooks. Those holding the purse strings and dictating company strategy are calling for security that can be measured in terms of risk and ROI. Determining risk is a quantitative task, and doing it right requires an overhaul in process to go from qualitative to quantitative analysis, and from analogue to automated assessment.
This blog post is available in full at Infosecurity Magazine.