How to quantify risk  ?

Can you smell, taste or touch risk? Most probably not. Therefore, IT Risk Expert Bo Thygesen from ACI and KüberCast hosts Siim Pajusaar and Ronnie Jaanhold will discuss how to quantify and measure risk and how to make decisions based on them. During OpSec minutes you will find out that Android TV box with preinstalled malware can be purchased on Amazon and AliExpress. 

Risk can be defined in several ways, but it can be said that it is a likelihood of a future loss or a potential loss. With risks, you can’t really be 100% sure that something is happening but there is a probability that something is going to happen. 

Coming up with a list of risks can be taken as a creative process. To find out the risks creativity, common sense, knowledge about threat landscape and history should all be taken into account. For example, history is a good source of insight regarding threats because if something has happened it can happen again, and this should be considered. 

Regarding risk evaluation there’s qualitative and quantitative risks and it is thoroughly explained how to find these risks, create risk registers and how to challenge those risks. It can be said that risk management has two motivations – defensive and offensive where both are used for a slightly different purpose.  

Bo Thygesen walks you through how to calculate the worst-case scenario risk and shares his knowledge regarding the Monte Carlo simulation. Also, there are several things that can be easily overlooked during risk assessments. For example, secondary loss like reputation loss is one of those since it is quite difficult to measure and challenging to build it back up. 

Eye-opening conversation about risks can be listened HERE.