Super Prognostication II: Risk Assessment Prognostication in the 21st Century

Posted on in Presentations

For the past 25 years, network defenders have been doing risk assessments wrong. Qualitative risk matrices and heat maps are just bad science. The “new” math consists of latency curves, Bayes algorithm and Monte Carlo simulations. Come see how to do them.

Learning Objectives:
1: Review the literature and advanced thinking about why qualitative risk matrices are bad.
2: Learn how to run Monte Carlo simulations on your key risks and combine them using Bayes Algorithm.
3: Learn how to build loss exceedance curves.

Familiar with Excel, basic understanding of statistics.
Colonel David Caswell


Permanent Professor and Head, Department of Computer and Cyber Sciences, United States Air Force Academy

Rick Howard


CSO, The CyberWire

Share With Your Community