Takeaways

• Cyber risk quantification is often misunderstood and challenging to implement.
• A business-first approach is crucial for effective risk management.
• Compliance and risk management serve different purposes and should not be conflated.
• Defining clear outcomes is essential before starting any quantification project.
• Simplifying measurement processes can lead to better insights.
• Stakeholder engagement is vital for successful risk decision-making.
• Non-financial impacts can be just as important as financial metrics.
• Quantification should not be an all-consuming task; focus on key scenarios.
• Understanding the problem space is more important than technical expertise in quantification.
• Existing risk tools often provide inadequate assessments, necessitating a more tailored approach. It's not true risk quantification, but some level of more specific measurement to vulnerabilities.
• Our ambition of mitigating vulnerabilities is much larger than our capacity.
• We need to categorize vulnerabilities based on their actual business risk.
• The industry drowns in findings from vulnerability tools.
• .css-j9qmi7{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-flex-direction:row;-ms-flex-direction:row;flex-direction:row;font-weight:700;margin-bottom:1rem;margin-top:2.8rem;width:100%;-webkit-box-pack:start;-ms-flex-pack:start;-webkit-justify-content:start;justify-content:start;padding-left:5rem;}@media only screen and (max-width: 599px){.css-j9qmi7{padding-left:0;-webkit-box-pack:center;-ms-flex-pack:center;-webkit-justify-content:center;justify-content:center;}}.css-j9qmi7 svg{fill:#27292D;}.css-j9qmi7 .eagfbvw0{-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;color:#27292D;}
  Share

  Mark as Played