Educause Security Discussion mailing list archives
Quantitative Risk Analysis?
From: Jim Webb <jtwebb () NGCSU EDU>
Date: Fri, 23 Jun 2006 13:31:24 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I was wondering if anyone out there might have any good info to share concerning Quantitative Risk Analysis models. Namely: 1. Is anyone currently using a Quantitive model to do assessment (FIPS/ALE)? If so, do you feel that this has garnered any significant benefits or burdens over qualitative modeling? Do you prefer one method over another and if so why? 2. Has any one wrestled with the establishment of empirical cost basis for "intangibles" such as primary & secondary losses from reputation/brand damage? I greatly appreciate any information/guidance offered concerning this. many thanks, - -Jim - -- ===================================================== James Webb Network Security Officer Department of I.I.T North Georgia College & State University phone: 706-864-1922 email: jtwebb () ngcsu edu http://www.ngcsu.edu/adminsrv/infotech/infosec/ "Never let the future disturb you. You will meet it, if you have to, with the same weapons of reason which today arm you against the present." - -Marcus Aurelius PGP Public Key: http://tinyurl.com/737x7 ===================================================== ~ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (OpenBSD) iD8DBQFEnCVNFU5MyueE6uIRAkrpAJ95YM64agE+bD5RrdZVw9i2ABhbuACeKEI2 kuVfX5oDO4PwYy8yLeE/I4c= =RdWB -----END PGP SIGNATURE-----
Current thread:
- Quantitative Risk Analysis? Jim Webb (Jun 23)
- <Possible follow-ups>
- Re: Quantitative Risk Analysis? CyberRAVE Support (Jun 23)
- Re: Quantitative Risk Analysis? Basgen, Brian (Jun 23)