Risk should be objectively quantified.
A quantified risk level guides decision makers in prioritizing how to spend wisely in treating risks. If applied information security is to be realized cost-effectively, the risk level is our tool. It is derived by estimating the risk event in terms of its probability and impact - ideally in monetary terms.
Objectivity in risk quantification requires historical data as a foundation for event likelihood plus a thorough understanding of its business impact.
(some of) my events
- 2019-05-15--17 Teknisk informationssäkerhet (teaching course, Stockholm)
- 2019-04-09--11 Operativ informationssäkerhet (teaching course, Stockholm)
- 2019-03-27 Beyond the Static InfoRisk Assessment (presenting at Åre Risk Event)
- 2019-03-06--08 Strategisk informationssäkerhet (teaching course, Stockholm)
- 2019-02-07 Säkerhetsarkitektur - ingenjörskonst eller hantverk? (hosting seminar in Falun)