Risk assessment: a first principle of cybersecurity.
Risk Assessment is a cybersecurity first principle strategy.
Most of us have told ourselves that predicting risk with any precision is impossible, that cybersecurity is somehow different from all the other disciplines in the world. We’re wrong, of course. In this lesson, Rick identifies a formalized approach to making optimal choices under conditions of uncertainty. He discusses the three components that make a good risk assessment question, and reveals a simple but useful model to assess risk in any organization.
Cybersecurity professional development and continued education.
You will learn about: cybersecurity risk resources, how to craft the right risk questions, how to produce effective risk estimations.
CyberWire is the world’s most trusted news source for cybersecurity information and situational awareness. Join the conversation with Rick Howard on LinkedIn and Twitter, and follow CyberWire on social media and join our community of security professionals: LinkedIn, Twitter, Youtube, Facebook, Instagram
Additional first principles resources for your cybersecurity program.
For more risk assessment and cybersecurity first principles resources, check the topic essay.
Selected Reading:
- "How to Measure Anything in Cybersecurity Risk,” by Douglas W. Hubbard and Richard Seiersen, Published by Wiley, 25 July 2016.
- “Materiality in a nutshell,” by datamaran.
- "Measuring and Managing Information Risk: A Fair Approach,” by Jack Freund and Jack Jones, Published by Butterworth-Heinemann, January 2014.
- “Metrics and risk: All models are wrong, some are useful,” By Rick Howard, CSO Perspectives, the CyberWire, 30 March 2020.
- "Pundits are regularly outpredicted by people you’ve never heard of. Here’s how to change that,” By Sam Winter-Levy and Jacob Trefethen, The Washington Post, 30 September 2015.
- "Superforecasting: The Art and Science of Prediction,” by Philip E. Tetlock and Dan Gardner, 29 September 2015, Crown.
- "The Cybersecurity Canon – How to Measure Anything: Finding the Value of ‘Intangibles’ in Business,” Book Review by Rick Howard, Cybersecurity Canon Project, Palo Alto Networks, 19 July 2017.
- "The Cybersecurity Canon: How to Measure Anything in Cybersecurity Risk,” Book Review By Steve Winterfeld, Cybersecurity Canon Project, Cybersecurity Canon Hall of Fame Winner, Palo Alto Networks, 2 December 2016.
- "The Cybersecurity Canon: Measuring and Managing Information Risk: A FAIR Approach,” Book Review by Ben Rothke, Cybersecurity Canon Project, Cybersecurity Canon Hall of Fame Winner, Palo Alto Networks, 10 September 2017.
- “The Foundations of Decision Analysis Revisited,” by Ronald Howard, Chapter 3, 060520 V10.
- "Superforecasting: Even You Can Perform High-Precision Risk Assessments,” By Rick Howard, David Caswell, and Richard Seiersen, Edited by Deirdre Beard and Benjamin Collar.
- "Superforecasting: The Art and Science of Prediction,” by Philip E. Tetlock and Dan Gardner, Published by Crown, 29 September 2015.
- “Super Prognostication II: Risk Assessment Prognostication in the 21st Century,” by Rick Howard and Dave Caswell, 2019 RSA Conference, 6 March 2019.