Go Back

(ISC)2 Quantifying Cloud Risk

Monday, September 12, 2016 3:15 PM - 4:15 PM
Location: W103A / W103B Cloud Secur
Education Level: Intermediate

Business executives are unlikely to ever really understand risk statements like “High risk”, “Medium risk” and “Low risk”. As a result, they sometimes discount higher risk situations as “infosec conservatism.” Risk quantification can be a powerful tool to help them better understand and appropriately prioritize infosec risk scenarios. In this session, Jack will walk participants through an analysis of a specific cloud service leveraging the Factor Analysis of Information Risk (FAIR) framework. The analysis results will be described in business terms that any executive would understand. This session will demonstrate a pragmatic approach to quantifying cloud-related risk.

Learning Objectives
The power of communicating information security risk in business terms.

A pragmatic approach to quantifying information security risk.

Weaknesses associated with common 3rd party risk assessment methods.


Jack Jones CISSP®
EVP, Research and Development