Posted on by jeff

The New School of Information Risk Management

A revised and expanded version of my presentation at SecureWorld Expo 2010 in Bellevue, WA, where I introduce “The New School of Information Risk Management.” Unlike old school approaches to information risk management, the new school is based on two fundamental concepts.

  1. Evidence-Based Risk Estimates: Estimates of a risk’s probability and impact should be based upon evidence.
  2. Evidence-Based Methods: Decisions about risk should be made using decision-making methods that are themselves evidence-based.


Risk management is about much more than identifying a list of issues, gaps, or findings. Risk analysis requires a way to measure both the probability and business impact of risks. In this session, participants will learn how to measure risk, focusing on the probability of information risks.

Key topic areas that are covered:
•  Estimating Probability and Frequency: Proven techniques that use real data to improve on guesswork.
•  Calibration of Expert Opinion: How to calibrate experts to reliably quantify their uncertainty.
•  Risk Communication: How to communicate risks in a way that engages management while avoiding FUD (Fear Uncertainty and Doubt).
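The two evidence-based concepts above, worked through in code. This is an added example, not material from the presentation or its slides: it assumes a Gamma-Poisson model for incident frequency (a weak Gamma(1, 1) prior updated with observed incident counts) and a simple hit-rate check for expert 90% intervals. The incident counts, intervals and realised values are constructed sample data.

```python
# Added example (not from the original post): evidence-based frequency
# estimation and expert-calibration checks. Model choice (Gamma-Poisson,
# interval hit rate) and all sample data below are assumptions/constructed.
from math import exp

# Constructed sample evidence: 3 incidents observed over 4 years of exposure,
# with a mean loss per incident of 50,000 (currency units) from past cases.
SAMPLE_EVENTS = 3
SAMPLE_YEARS = 4
SAMPLE_MEAN_IMPACT = 50_000

# Constructed calibration data: an expert's stated 90% intervals (lo, hi)
# for ten quantities, paired with the value that was later realised.
EXPERT_INTERVALS = [(10, 50), (100, 200), (1, 5), (0, 0.1), (20, 40),
                    (500, 1000), (2, 8), (0.5, 2), (60, 90), (1000, 3000)]
ACTUALS = [30, 250, 3, 0.3, 25, 1500, 9, 1, 75, 2000]


def posterior_rate(events, years, prior_shape=1.0, prior_rate=1.0):
    """Gamma-Poisson update of an annual incident rate.

    Prior Gamma(prior_shape, prior_rate) on lambda (events per year); observing
    `events` incidents over `years` of exposure yields the posterior
    Gamma(prior_shape + events, prior_rate + years). Returns (shape, rate, mean).
    The prior alone is the 'guesswork'; the posterior is the evidence-based estimate.
    """
    if years <= 0 or events < 0:
        raise ValueError("need non-negative events and positive exposure")
    shape = prior_shape + events
    rate = prior_rate + years
    return shape, rate, shape / rate


def prob_at_least_one(mean_rate, horizon_years=1.0):
    """Probability of one or more incidents within the horizon, treating
    incidents as a Poisson process with the given mean rate."""
    return 1.0 - exp(-mean_rate * horizon_years)


def expected_annual_loss(mean_rate, mean_impact):
    """Point estimate of expected annual loss: frequency times mean impact."""
    return mean_rate * mean_impact


def calibration_rate(intervals, actuals):
    """Fraction of stated intervals that contain the realised value.

    An expert giving 90% intervals should score close to 0.9; a markedly lower
    score means the intervals are too narrow (overconfidence).
    """
    if not intervals or len(intervals) != len(actuals):
        raise ValueError("need exactly one realised value per interval")
    hits = sum(1 for (lo, hi), x in zip(intervals, actuals) if lo <= x <= hi)
    return hits / len(intervals)


def calibration_verdict(rate, stated_confidence=0.9, tolerance=0.1):
    """Classify a hit rate against the confidence level the expert claimed."""
    if rate < stated_confidence - tolerance:
        return "overconfident"
    if rate > stated_confidence + tolerance:
        return "underconfident"
    return "calibrated"


if __name__ == "__main__":
    shape, rate, lam = posterior_rate(SAMPLE_EVENTS, SAMPLE_YEARS)
    print(f"prior mean rate: 1.0/year (guess); posterior Gamma({shape:g},{rate:g}) "
          f"mean rate: {lam:.2f}/year")
    print(f"P(at least one incident next year): {prob_at_least_one(lam):.3f}")
    print(f"expected annual loss: {expected_annual_loss(lam, SAMPLE_MEAN_IMPACT):,.0f}")
    hit = calibration_rate(EXPERT_INTERVALS, ACTUALS)
    print(f"expert 90% interval hit rate: {hit:.2f} -> {calibration_verdict(hit)}")
```

Running it with the constructed data moves the rate estimate from the prior's 1.0 incidents per year to a posterior mean of 0.8, giving roughly a 55% chance of at least one incident next year, and flags the sample expert as overconfident (only 6 of 10 "90%" intervals contained the realised value). The same structure applies to real incident logs and to any set of expert estimates that can later be checked against outcomes.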

