Managing Cyber Risks
Abstract & sneak peek on our talk at FloCon 2022
ECI & RA: Express Control Impact and Risk Analysis
Partnering with the Software Engineering Institute at Carnegie Mellon University, we devised a cyber risk method for any organization that combines the FAIR, MITRE, OCTAVE, CMMC, NIST CSF, and NIST SP 800-53 frameworks. The main objective is to quickly quantify risks and give the CISO a concise, express control-impact prioritization strategy, so that CISOs can quickly justify their budget and investments to executives.
As a result, the tool will help any organization manage its risk according to its custom-tailored risk appetite and budget, giving the CISO a tool to successfully navigate control gaps and implementation and to prioritize risk treatment.
Objective
Develop a method and tool to help analyze the impact a given set of controls has on the estimation of cyber risks.
Purpose
Helps determine how much less risk, and how much less financial loss, an organization will have if certain controls are implemented.
Building blocks
Factor Analysis of Information Risk (FAIR)
Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) Allegro from SEI
Threat Assessment & Remediation Analysis (TARA) from MITRE
NIST SP 800-53 controls
CMMC
NIST CSF