Framework for Threat-Informed Cyber Risk Assessment

Sign up for this talk here, or for ALL sessions of the ISSA International Cyber Resilience Awareness Day Virtual Summit here: https://issa.brighttalk.com/summit/7595/ Combining FAIR and Threat-Informed Defense to Evaluate Real-World Threat Exposure Cybersecurity risk assessments frequently depend on qualitative scoring of controls based on standards like ISO 27001, NIST CSF 2.0, or CIS Controls. While these standards help establish good structure of a cybersecurity program, they fall short in addressing how real-world adversaries operate. They don’t guide prioritization based on actual attack techniques or measure the real effectiveness of defenses. We propose a threat-informed risk assessment framework that integrates threat-informed defense methods to link adversary behavior to mitigation coverage and directly inform the Loss Event Frequency input of the FAIR model. Featuring: Mehdi, Azaouioui, CEO & Founder, Limbersecurity (https://www.linkedin.com/in/mehdi-azaouioui-51a4431b/)