2 Comments

Do you have any articles that delve deeper into your example of:

"So an organization with a risk appetite of $100,000 of ALE would accept any of the following vulnerabilities indefinitely:

- 20 with an ALE of $5,000 each

- 2 with an ALE $25,000 each

- 1 with an ALE of $100,000 "

Meaning - examples of how security teams go from identifying all of the risks, to evaluating their environments (current vulns) and putting a $ figure to them?

Great page!

Expand full comment