Inherent and Residual Risk Simulation

Example model

[Figure: Prob of Exceeding Loss.png]

Description: The model simulates loss exceedance curves for a set of cybersecurity events whose likelihood and probabilistic monetary impact have been characterized by system experts. The goal of the model is to assess the impact of mitigation measures by comparing the residual risk curve to the inherent risk curve (defined as risk without any mitigation measures) and to the risk tolerance curve. This is a translation of a model built by Douglas Hubbard and Richard Seiersen, which they describe in their book How to Measure Anything in Cybersecurity Risk and make available here.

Keywords: Cybersecurity risk, loss exceedance curve, simulation

Author: Kim Mullins

Download: Hubbard_and_Seiersen_cyberrisk.ana
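
The comparison the description refers to, as an added Python sketch; it is not a translation of the .ana file and not the authors' code. Assumptions: the event register and tolerance curve are constructed sample values, each impact is a lognormal fitted to an expert 90% interval, and mitigation is modeled as scaling an event's likelihood by a hypothetical control effectiveness.

```python
import math
import random

Z90 = 1.6448536269514722  # z-score bounding a central 90% interval

# Constructed sample register (not taken from the model file):
# (annual probability, 90% CI low, 90% CI high, assumed control effectiveness)
EVENTS = [
    (0.10, 50_000, 2_000_000, 0.50),
    (0.05, 100_000, 10_000_000, 0.30),
    (0.25, 10_000, 500_000, 0.60),
    (0.02, 1_000_000, 50_000_000, 0.20),
]
THRESHOLDS = [100_000, 1_000_000, 10_000_000]
TOLERANCE = [0.20, 0.10, 0.02]  # constructed risk tolerance curve

def simulate(events, trials=20_000, seed=1):
    """Return (inherent, residual) annual loss totals, one pair per trial."""
    rng = random.Random(seed)
    inherent, residual = [], []
    for _ in range(trials):
        inh = res = 0.0
        for p, low, high, eff in events:
            # Lognormal whose 5th/95th percentiles match the expert's 90% CI.
            mu = (math.log(low) + math.log(high)) / 2
            sigma = (math.log(high) - math.log(low)) / (2 * Z90)
            # Common random numbers: both scenarios share the same draws.
            u, loss = rng.random(), rng.lognormvariate(mu, sigma)
            if u < p:
                inh += loss
            if u < p * (1 - eff):  # assumption: control scales likelihood
                res += loss
        inherent.append(inh)
        residual.append(res)
    return inherent, residual

def exceedance(totals, thresholds):
    """P(annual loss > x) for each threshold x."""
    return [sum(t > x for t in totals) / len(totals) for x in thresholds]

def breaches(curve, tolerance):
    """Indices where the curve lies above the tolerance curve."""
    return [i for i, (c, t) in enumerate(zip(curve, tolerance)) if c > t]

if __name__ == "__main__":
    inh, res = simulate(EVENTS)
    for name, totals in (("inherent", inh), ("residual", res)):
        curve = exceedance(totals, THRESHOLDS)
        print(name, curve, "exceeds tolerance at", breaches(curve, TOLERANCE))
```

Because both scenarios reuse the same random draws, the residual curve can never sit above the inherent curve, so any gap between them is attributable to the mitigation rather than to sampling noise.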
