This case study by Laura Payne on 'Quantitative Risk Analysis & Information Security' does a very good job of explaining the journey of an organization like BMO as it evolved from a 'High, Medium and Low' approach to measuring and expressing risk to a more scientific and quantitative approach.
In this comprehensive video presentation, she covers many foundational aspects of implementing quantitative risk analysis, including:
- How organizations are measuring and articulating risk today
- The limits of qualitative risk models
- The selection of the Open FAIR standard as a quantitative risk model
- What is FAIR and how do you use it?
- Overcoming obstacles
- Semi-quantitative and fully quantitative risk assessments
Laura Payne is a Senior Information Security Advisor at the Bank of Montreal and recently joined the FAIR Institute as a member. She has over 10 years of experience in the financial services industry covering a variety of roles in IT operations and information security. She first presented this case study at a SecTor conference.