CRQ (Cyber Risk Quantification) is the latest acronym doing the rounds in the cyber security industry. Many security professionals regularly use this acronym but few actually understand what CRQ is and even fewer know how to implement it. In this blog, I will attempt to demystify the concept of CRQ, express why a robust CRQ model is an essential requirement for every organization and describe the compelling business value it offers to those who have successfully implemented it. Finally, I will discuss the two primary approaches currently advocated in the market, highlight a few limitations of these approaches and provide details of a more effective way to implement CRQ.

The What?

Simply put, CRQ is the quantification of an organization’s cyber risk expressed in monetary terms. An organization’s cyber risk is the intersection of its internal and external threat environment, its current cyber capabilities (i.e. security controls and […]

Original article: securityboulevard.com
