Measuring Cyber Risk
Good management of cyberspace requires a system of cyber metrics that are transparent, auditable, practical, scalable and the most difficult: widely agreed upon. To that end, we will evaluate various approaches to cyber risk quantification with the aim of informing the development of a public standard for measuring cybersecurity. One possibility is to use external market performance financial metrics as an indicator of cybersecurity (https://www.lawfareblog.com/assessing-cyber-risk-external-information). Others rely on internal enterprise analysis. As part of our ongoing work we outline the problem in this webinar and suggest the nature of some of the possible responses.
Recent Work from the Federal Affairs Team