ABSTRACT

Cybersecurity, privacy, governance, compliance, and risk are the business functions that are directly impacted by cybercriminals. These business functions have integrated relationships that can be understood from a business perspective using the digital asset approach to cyber risk management.

Cyber risk modeling is the science of using digital asset attributes to quantify cyber risk exposures (see previous chapter) and to score cyber risk across the cybersecurity lifecycle. These business metrics address compliance, security, risk, and privacy requirements and provide use cases that foster cyber resiliency.

Digital asset cyber risk modeling measures the inherent cyber risk of the digital asset and the effectiveness of the mitigating controls, and can provide multiple Monte Carlo simulations that ingest data from security tools to measure residual cyber risk. This model aligns with the dynamic nature of cybersecurity. Digital asset cyber risk analytics can be understood in context by the entire cybersecurity ecosystem, including the Board, CISO, DPO, compliance manager, vendor risk manager, Regulator, General Counsel, and CRO. These analytics provide information that is useful to each person in the context of their role.