Risk should be objectively quantified.
A quantified risk level guides decision makers in prioritizing how to spend wisely on treating risks. If applied information security is to be realized cost-effectively, the risk level is our tool. It is derived by estimating the risk event's probability and impact, ideally in monetary terms.
Objectivity in risk quantification requires historical data as a foundation for event likelihood, plus a thorough understanding of the event's business impact.
(some of) my events
- 2018-05-28 Informationssäkerhet för ledare (teaching course, Luleå)
- 2018-05-23--25 Teknisk informationssäkerhet (teaching course, Stockholm)
- 2018-05-17 Three Capabilities in a Crisis (guest lecturing at Mid Sweden University, Östersund)
- 2018-05-16 Info.säkerhet är inte "någon annans problem" (lunch seminar at Mid Sweden University, Östersund)
- 2018-04-18--20 Operativ informationssäkerhet (teaching course, Stockholm)