The Greatest Threat - Assumptions
Aug 26, 2022
The greatest threat in any cyber risk program is assumptions, and relying on them is a common trap to fall into. Collecting data and validating assumptions is hard work; it takes time, effort, and political capital, since some of the information may be owned and maintained by another team.
Additionally, the data may be missing information or be incomplete, or you may have low confidence that the information you receive is complete and accurate. Because of these challenges, most organizations will perform qualitative assessments based on personal knowledge and assumptions. However, remember Budescu’s research on how people interpret probability terms: “very likely” was interpreted as anything from 43% to 99%, and “unlikely” could mean as low as 8% or as high as 66%, depending on whom you ask.
Imagine making risk decisions without knowing the state of your patch management program, whether your systems comply with the minimum security baseline and are therefore hardened as you expect, or whether you are monitoring application and operating system logs for signs of compromise.
How accurate do you believe your assumptions will be if you don't know these facts?
Author: Dr. Bill Souza | Aug 26, 2022