It is imperative that our field evolves common cyber-risk analysis practices beyond purely qualitative models and embraces data-driven methodologies. This session will tackle the challenges and supposed limitations of quantitative analysis head on by comparing two data-confidentiality scenarios. These scenarios appear similar on the surface, but quantitative analysis reveals meaningful differences.
Learning Objectives: 1: Debunk myths about the impossibility of applying quantitative analysis to cyber. 2: Learn from real-world examples of how common risk models hide meaningful differences between scenarios. 3: Gain approachable tools that can be used to analyze similar use cases in own environment.