Cybersecurity risk assessment involves compiling lists of risks and associating them with their probabilities and potential impacts to your organization. When data on risks is sparse or unreliable, organizations turn to subject matter experts for their subjective estimates of probabilities and impacts. Scientific research documents several shortcomings of subjective estimates, but it also highlights the conditions and practices that minimize biases in decision-making and make such estimates useful in assessing risk.
This workshop will be the first in a series of conversations with Corey Neskey about using scientific insights in cybersecurity risk assessment. In this talk, Corey will walk you through what the research says about expert estimates and how we can use that knowledge to improve cybersecurity decision-making. We’ll also dive into:
- What scientific research do cybersecurity frameworks and regulatory standards use?
- What does the research say about risk assessment?
- How can we realistically apply what science found in an organizational setting?
- We’re definitely spending money on cybersecurity, but we’re probably not going to have a big data breach, so how much is reasonable to spend?
This series draws on decades of scientific research literature from peer-reviewed, high-impact journals, and breaks its insights down in an approachable and actionable way. Join us to learn more and gain a better understanding of how you can improve your risk assessment methodology with the latest that scientists have to offer.