Abstract
This article delves into the significance of quantifying cybersecurity risk, emphasizing its role as a decision-support mechanism for organizations. It discusses the process of Cyber Risk Quantification (CRQ) and its benefits in prioritizing risks, allocating resources effectively, and mitigating cyber threats. The article explores various questions related to cyber risk assessment, methods for quantifying risk, and the importance of selecting the right approach based on organizational needs. It highlights key models such as Factor Analysis for Information Risk (FAIR), Monte Carlo simulations, probability distributions, vulnerability analysis, and Bayesian models. The article concludes by recommending open-source solutions like those offered by Boise State University’s Cybersecurity Risk Quantification course to streamline risk assessment and management processes.
Disclosure statement
No potential conflict of interest was reported by the author(s).
Additional information
Notes on contributors
Charlene Deaver-Vazquez
Charlene Deaver-Vazquez has been designing, securing, and assessing networks for over 35 years. She currently provides agency-wide risk analysis and risk quantification services for the Nuclear Regulatory Commission. She is an adjunct professor of cybersecurity risk quantification at Boise State University. She is also an author and speaker and is releasing an open educational resource textbook on Cyber Risk Quantification along with a complete toolkit of models.
Eli Taylor
Eli Taylor is currently pursuing his BS and MS degrees in Cyber Operations and Resilience at Boise State University, with a strong background in e-commerce, website management, and project management. He possesses exceptional skills in back-end development and is adept at creating high-performance web applications. Eli has worked with various corporate organizations and enjoys collaborating with individuals to support them in achieving their objectives.
Devin Rowley
Devin Rowley is a student at Boise State University working on his BS and MS degrees in Cyber Operations and Resilience. While at Boise State, he has earned certificates in IT support and Data Analysis. He is currently employed as a vulnerability and policy analyst for high-performance computing systems. He always strives to improve the work environment around him by increasing productivity and accuracy.
Brooke Langis
Brooke Langis is affiliated with Boise State University, where she is pursuing a BS degree in Cyber Operations and Resilience. Previously, she obtained a degree in Business Management and Entrepreneurship from the College of Southern Idaho.