New ISACA Paper Enables Enterprises to Use Cyberrisk Quantification to Improve Approach to Cybersecurity Risk
Cyberrisk quantification (CRQ) expresses cybersecurity risk in terms of monetary value to the enterprise, translating technology concerns into business concerns.
- Cyberrisk quantification (CRQ) expresses cybersecurity risk in terms of monetary value to the enterprise, translating technology concerns into business concerns.
- A new white paper from ISACA, Cyberrisk Quantification , addresses the importance of acquiring useful data and amplifying it as part of a CRQ analysis.
- CRQ can be a critical enabler of improving organizations approach to cyber risk.
- However, cybersecurity measurement can bring its own set of challenges, including accurately gathering data and addressing issues with verbal and ordinal scales used to measure the risk, says Paul Phillips, CISA, CISM, MBA, ISACA IT risk professional practices lead.