Drawing on techniques in Hubbard’s new book, How to Measure Anything in Cybersecurity Risk, this session will completely change how you look at assessing risk in cybersecurity.
Topics in this session include: Principles of assessing and communicating risks, measuring “intangibles” like damage to reputation, measuring an expert’s skill at providing “calibrated estimates” of probabilities, using spreadsheet-based simulations, and how to make the case for quantitative methods in your organization. The session consists of core topics and optional topics as follows.
Core Topics – The following topics are included in the standard version of the seminar (the first day of the 2-day event).
- Introduction to the challenge of measuring cybersecurity risk and how common misconceptions lead to the belief that cybersecurity risk is not measurable.
- Overview of how the performance of some of the most popular risk assessment methods, like heat maps, have been objectively measured – and how they failed.
- See how a simple, quantitative model can replace heat maps – even with limited data – in a way that is consistent with actuarial methods.
- Review the material using a case example for estimating cybersecurity risk.
- Training in subjective assessment of probabilities in a way that your performance can be measured.
Optional Topics – Choose any two of these half-day sessions or add a third day to the event to cover all topics.
- Calibration Training – HDR will teach the techniques behind subjectively assessing the probability of uncertain events and the ranges of uncertain quantities. This is an essential skill for anyone who needs to consider chance in decisions. Participants will see their skills measurably improve during the training with a series of “calibration exams.” Participants will also learn some of the techniques involved in training others to be calibrated.
- More Advanced Cybersecurity Measurement Topics – Participants will learn additional methods for more advanced cybersecurity measurement topics. These include statistical methods for reducing expert inconsistency, and updating models with new empirical data.
- Challenges, Solutions, Next Step (CSN) Workshop – The objective of the CSN workshop is to help participants identify opportunities to apply the methods they learned to specific cybersecurity risk problems identified by you. The workshop will identify the appropriate methods for the problems and discuss how to get started on developing a full cybersecurity risk solution. This module allows participants to see the practical applications of what they learned and begin to plan details of next steps.
Optional Customization – If you need content developed specifically for your industry or your firm, email us to estimate a customization effort.