Not sure, but the phrase "digital pearl harbor" put me off completing the article.
Here is a list of current problems that I think make risk assessments hard, ineffective and not adopted as widely as they should be.

1. Complex, big methodologies that people don't have resources to understand and implement.
2. Ivory tower ideas that are fine in theory but not practical in practice.
3. Risk usually not translated "well" into business issues / impacts.
4. Most are an all or nothing approach. Need tiers, i.e. a first pass to get a basic rule of thumb.
5. We need good supporting checklists, forms and material.
6. Need a RA guide for the layperson (business owner), including a "What's in it for me?"
7. Extensible and pluggable - everyone has unique businesses, and any methodology needs to be able to be extended so it works well in a specific environment, and for parts of it (risk ranking) to be pluggable by a company's specific requirements or ideas.
8. RA Lite - need to have a RA that can be self-assessed or done in 30 mins. This may lead to a more detailed future RA but should be easy for everyone to buy into.
9. The output must be traceable - too many RAs produce issues that are neither tangible nor traceable. If it's not tangible or traceable it can't have an owner.

What am I missing from this list?
http://www.securitybuddha.com
http://www.securitybullshit.com
-----Original Message-----
From: Earl Crane [mailto:earlcrane gmail.com]
Sent: Monday, January 29, 2007 5:11 PM
To: psrc securityfocus.com
Subject: UNH Cyber Threat Calculator
I figure most people have seen this story already if you're reading the rags, but it's interesting anyway.

Have any of you had a chance to see, use, or read any papers on the analysis process for the Cyber Risk calculator? Apparently it's expected to be released to the private sector in 2007.

I'm curious to see if it has any new risk analysis methods, factors in multiple variables, or does it just take the current methodologies and make them point-and-click friendly.
http://www.govtech.net/magazine/story.php?id=103567
http://www.unh.edu/news/cj_nr/2007/jan/lw25cyber.cfm