Cyber Risk Assessment: Moving Past the ‘‘Heat Map Trap’’

Subscriber Content
Screenshot of the first page of Cyber Risk Assessment: Moving Past the ‘‘Heat Map Trap’’
By
Vince Dasta, Protiviti Associate Director
How to Conduct a Quantitative Risk Assessment for Cybersecurity

Given the limits on time, attention and resources with which every cyber team must contend, risk assessment plays a critical role in helping set priorities and decide between options. Unfortunately, most cybersecurity professionals rely on ‘‘pseudo-quantitative’’ methods, in which risks, benefits and other factors are given labels, colors or ratings. These approaches have the veneer of objectivity but are actually highly subjective.

In this article, Protiviti Associate Director Vince Dasta offers an alternative clear path to implementing a risk assessment program that is authentically quantitative and in which confidence is justified.


Topics
Performance Management/Measurement
Internal Audit
Internal Controls
Risk Assessment
IT Controls
IT Audit

Related Resources

Newsletters

Improving Your Company’s Risk Assessment Process

Newsletters

The Cyber Risk Oversight Challenge

Free Trial

Sign up for a free, no-obligation trial to start exploring our timesaving, valuable resources.

Let's Do It