A quantitative risk assessment strategy is outlined with brief discussions of threat, risk categories and data classification. The differences between quantitative and qualitative assessments are specified, with the conclusion that both methods have significant strengths and weaknesses. A quantitative method that spans both assessment types is then presented, with rigorous analysis of the impact of individual risk factors upon the overall risk to information. A method of easily organizing risk factors according to the quantitative method, called a Risk Assessment Orgchart, is explained and demonstrated. Careful manipulation of the method can make the analysis very sensitive to data classification and thus data-centric. A discussion on how to assign values to individual risk factors (scoring) should help users of the method be successful. Finally, a simple sample assessment is presented to tie all the analysis elements together and to further clarify the method.