
New ISACA Paper Enables Enterprises to Use Cyber-risk Quantification to Improve Approach to Cybersecurity Risk

Sydney, Australia (21 June 2021) – Cyber-risk quantification (CRQ) expresses cybersecurity risk in terms of monetary value to the enterprise, translating technology concerns into business concerns. A new white paper from ISACA, Cyberrisk Quantification, addresses the importance of acquiring useful data and amplifying it as part of a CRQ analysis.

The white paper outlines considerations related to measurement (exploring verbal, ordinal and ratio scales and the issues involved with each) and examines the methods for gathering data, including external sources, internal data sources, and the opinions of subject matter experts.

Cybersecurity practitioners can then learn how Monte Carlo simulations can be used to transform quantified inputs into CRQ outputs, as well as how to integrate CRQ with other risk assessment methods, including control-based assessments, vulnerability assessments and static/dynamic code analysis.

“CRQ can be a critical enabler of improving organisations’ approach to cyber risk,” says Paul Phillips, CISA, CISM, MBA, ISACA IT risk professional practices lead. “However, cybersecurity measurement can bring its own set of challenges, including accurately gathering data and addressing issues with verbal and ordinal scales used to measure the risk. 

“By understanding the CRQ techniques and additional risk assessment methods that can be implemented, as well as acquiring the right data from both internal and external sources along with SME insights, enterprises can have a clearer picture of the overarching threat landscape.” 

For a complimentary copy of Cyberrisk Quantification, visit www.isaca.org/bookstore/bookstore-wht_papers-digital/whpcrq. Additional cybersecurity resources from ISACA can be found at www.isaca.org/training-and-events/cybersecurity.




For more than 50 years, ISACA® (www.isaca.org) has advanced the best talent, expertise and learning in technology. ISACA equips individuals with knowledge, credentials, education and community to progress their careers and transform their organizations, and enables enterprises to train and build quality teams. ISACA is a global professional association and learning organisation that leverages the expertise of its more than 150,000 members who work in information security, governance, assurance, risk and privacy to drive innovation through technology. It has a presence in 188 countries, including more than 220 chapters worldwide. In 2020, ISACA launched One In Tech, a philanthropic foundation that supports IT education and career pathways for under-resourced, under-represented populations.


Contact: Karen Keech, karen@establishedmedia.com, 0411 052 408