Daniel Hooper on LinkedIn: #cisolife #ciso #leadership

Thanks Daniel Hooper for asking such a great question. To explore a specific area of the "known unknowns" as Alexander Poizner pointed out: I think that we are missing in security programs a comprehensive and simple way to remove the guess work and gut feelings out of the equation of risk assessment. Specially on the probability/likelihood side. A quantitative model that will be industry data driven but yet simple and easy to understand across many industry sectors. While the FAIR model is a good start, I found it everything but simple and while I see it more easily adopted in insurance and finance companies as they accustomed to actuarial works. Such model would allow for complete buying of C-levels across many industries and avoid potential debates on the possibility of occurrence and interpretations. Of course, I'll take the crystal balls with the beer too :-)

3 Likes

3mo

Alexander Poizner

If I had one wish, it would be a continuous process to convert unknown unknowns into known unknowns. Everything else is, really, just an expense.

12 Likes

3mo