Quantifying Information Risk and Security


Information risk and security practitioners are facing a significant problem:  A lack of meaningful metrics.

Wouldn’t it be nice to be able to tell senior managers, “The risk that a significant information security incident will happen this month is 9 percent.” Meteorologists have been doing this for many years; however, they are often wrong and the majority of people receiving this information don’t actually understand what it means.

Information risk should be thought of as an uncertainty. Risk can, and is, quantified using heat maps or risk matrices with green, yellow and red boxes, which are, at best, informed guesses. Worse, these maps/matrices do not properly reflect the situation of an unthinkable, extremely low probability event that if it happened, would have a huge impact.

Read more: Quantifying Information Risk and Security >
Source: Isaca.org



ISACA geeft examentrainingen om de titel CISA te mogen voeren. CISA is een wereldwijd erkend certificaat voor IS audit control. Het toont aan dat u de benodigde ervaring, skills en kennis heeft om veiligheidsrisico's te detecteren en betrouwbare audits uit te voeren.

Lees meer over de CISA-training>


Als CISM bent u in staat om zelfstandig informatieveiligheid te analyseren. ISACA verzorgt een examentraining voor CISM, die zowel ruimte biedt voor het bijspijkeren van kennis als concrete oefeningen voor het examen.

Lees meer over de CISM examentraining >