The Greatest Threat - Assumptions


The greatest threat in any cyber risk program is assumptions, and relying on them is an easy trap to fall into. Collecting data and validating assumptions is hard work; it takes time, effort, and political capital, since some of the information may be owned and maintained by another team.

Additionally, the data may be missing information or incomplete, or you may have low confidence that the information you receive is complete and accurate. Because of these challenges, most organizations will perform qualitative assessments based on personal knowledge and assumptions. However, remember Budescu’s research on measuring probability: a term such as “very likely” was interpreted as anything from 43% to 99%, and “unlikely” could mean as low as 8% or as high as 66%, depending on whom you ask.

Imagine making risk decisions without knowing the state of your patch management program, whether your systems comply with the minimum security baseline and are therefore hardened as you expect, or whether you are monitoring application and operating system logs for signs of compromise.

How accurate do you believe your assumptions will be if you don't know these facts?



Author: Dr. Bill Souza | Aug 26, 2022 


