Risk Management

I had the distinct pleasure of presenting two research projects to the Vancouver SecSIG/(ISC)2 in November 2015, and again to the Business Continuity Institute Forum, BC Chapter, in April 2016.

Abstract:
Every single risk framework that applies to InfoSec talks about probability but doesn’t offer much guidance on how to calculate or apply it. One could borrow from the common financial or manufacturing risk models, but those models do not apply to InfoSec because they are informed by past events. InfoSec risk needs to look forward without being informed by the past, and that drives the risk professional toward very specific risk models. These models simplify probability calculations, and there are proven ways to apply them effectively, efficiently, and with high confidence in the results.

Testimonials:
“Thank you so much for delivering an extremely engaging and informative presentation. Your research and analysis is first rate and provides a great perspective on risk management.”

“Jordan, thanks for the informative presentation. As a risk management consultant I spend a lot of time thinking about probability assessments and I found your presentation to be the most lucid and easily understandable explanation of the topic I have seen. I look forward to having you present this to the British Columbia Business Continuity Institute Forum in the near future. Thanks.”

Video:

Slide Decks: