Do you have any articles that delve deeper into your example of:
"So an organization with a risk appetite of $100,000 of ALE would accept any of the following vulnerabilities indefinitely:
- 20 with an ALE of $5,000 each
- 2 with an ALE $25,000 each
- 1 with an ALE of $100,000 "
Meaning - examples of how security teams go from identifying all of the risks, to evaluating their environments (current vulns) and putting a $ figure to them?
Do you have any articles that delve deeper into your example of:
"So an organization with a risk appetite of $100,000 of ALE would accept any of the following vulnerabilities indefinitely:
- 20 with an ALE of $5,000 each
- 2 with an ALE $25,000 each
- 1 with an ALE of $100,000 "
Meaning - examples of how security teams go from identifying all of the risks, to evaluating their environments (current vulns) and putting a $ figure to them?
Great page!
Thanks! I do have some additional articles/tools that would help you calculate this:
https://blog.stackaware.com/p/the-deploying-securely-risk-assessment-ded
https://blog.stackaware.com/p/artificial-intelligence-risk-scoring-system-p3