The Language of Risk

Translating between Business and

Security

The potential harm that may arise from a future event.

The Value of Risk Management

“More than any other development, the quantification

of risk defines the boundary between modern times and the

rest of history.”

Peter L. Bernstein, Harvard Business Review, Mar.-Apr. 1996, p. 57-51.

Risk Management is Bigger Than Fire

Basic Games of Chance

Renaissance Studies on Probability

The Birth of Insurance

Evolution of Risk Management

Early dice made from sheep bones

Galileo publishes "Sopra le Scoperte“ in 1630

Lloyd’s of London circa 1774

Measuring Risk is Hard

We’ve reduced this…

…to this. (ARO)(SLE)=ALE

You Cannot Predict Misfortune• You do not know what

the Average Rate of Occurrence is.

• Your best hope is to pull a plausible average out of the air

Guessing Doesn’t Count

•You do not know the Single Loss Expectancy•You can only estimate the impact

Communicating Risk Is Harder

Education Is The Missing Piece

Finding a Common Language is Key

risks you faceeverydaywhat are the

malicious outsiders?

malicious insiders?

Whatdo youworryabout

Moreimportantly…

businessWhat does your

worry about

businessHow does a

doing wellknow it is

Brandon DunlapManaging Director of Research

bsdunlap@brightfly.comTwitter: bsdunlap

Brightfly, Inc.www.brightfly.com

Twitter: brightfly

Questions?