Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Quantitative Risk Analysis?

From: Jim Webb <jtwebb () NGCSU EDU>
Date: Fri, 23 Jun 2006 13:31:24 -0400
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

I was wondering if anyone out there might have any good info to
share concerning Quantitative Risk Analysis models.

Namely:

1. Is anyone currently using a Quantitive model to do
assessment (FIPS/ALE)? If so, do you feel that this has
garnered any significant benefits or burdens over qualitative modeling?
Do you prefer one method over another and if so why?

2. Has any one wrestled with the establishment of empirical cost basis
for "intangibles" such as primary & secondary losses from
reputation/brand damage?

I greatly appreciate any information/guidance offered concerning this.

many thanks,

- -Jim

- --
=====================================================
James Webb
Network Security Officer
Department of I.I.T
North Georgia College & State University
phone: 706-864-1922
email: jtwebb () ngcsu edu
http://www.ngcsu.edu/adminsrv/infotech/infosec/

"Never let the future disturb you. You will meet it,
if you have to, with the same weapons of reason which
today arm you against the present."
- -Marcus Aurelius

PGP Public Key: http://tinyurl.com/737x7
=====================================================
~
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (OpenBSD)

iD8DBQFEnCVNFU5MyueE6uIRAkrpAJ95YM64agE+bD5RrdZVw9i2ABhbuACeKEI2
kuVfX5oDO4PwYy8yLeE/I4c=
=RdWB
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: