Enterprise risk management is a well-established discipline for quantifying and assessing organizational risks….
Practitioners of ERM typically rely on structured frameworks that often have roots in actuarial science, accounting and anti-fraud. For instance, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) ERM framework was developed in the late 1980s by five U.S. accounting and auditing organizations. Similarly, the Society of Actuaries has developed the chartered enterprise risk analyst credential, which focuses on the organizational impact of various risks — operational, investment, strategic and reputational.
For cybersecurity professionals, these frameworks pose something of a challenge: There’s no clear-cut way to map cybersecurity risk in their…