4 Common Mistakes When Calculating Threat Event Frequency For Web Apps

By
riskacademy
-
0
231

When it comes to the frequency half of the FAIR model, I consider Threat Event Frequency (TEF) king. Yes, in Factor Analysis of Information Risk (FAIR™), all of the ontology is important. But mistakes with Threat Event Frequency act as a multiplier.

We see this when analysts new to FAIR are working on Threat Event Frequency for web applications. A common use of RiskLens is to prioritize remediation efforts for web applications. Using FAIR provides a consistent and contextual way to identify what matters.

Bryan Smith is CTO of RiskLens and leads development of the RiskLens enterprise cyber risk quantification platform and other quantitative risk management products and services.

But if TEF is incorrectly derived, the analysis can run aground. Fortunately, mistakes made with Threat Event Frequency are often simple and easy to avoid.

Discover your industry’s greatest cyber risks in this new report. TRY IT FREE.

Threat Event Frequency in FAIR Cyber Risk Analytics

But first a quick recap of Threat Event Frequency. “Threat Event Frequency is the probable frequency, within a given time frame, that threat agents will act in a manner that may result in loss.” (from the…

Read More…

Актуальные книги на английском

Algorithms for Decision Making
Читать на английском
The Decision Intelligence Handbook: Practical Steps for Evidence-Based Decisions in a Complex World
Читать на английском
An Introduction to Decision Theory (Cambridge Introductions to Philosophy)
Читать на английском
An Introduction to Management Science: Quantitative Approaches to Decision Making
Читать на английском
Business Data Science: Combining Machine Learning and Economics to Optimize, Automate, and Accelerate Business Decisions
Читать на английском
Data, Models, and Decisions: The Fundamentals of Management Science
Читать на английском

RELATED ARTICLESMORE FROM AUTHOR