This is not strictly required by the FAIR methodology but would be a nice addition.
Typically a CISO will draw the LOE for the inherent and residual risk, he will then ask his CTO/CEO/CFO to provide a few data points to build a risk tolerance curve.
An example from PAN talk is here:
The tolerance curve will be interpolated from the few datapoints (the user should choose from linear, expo or polynomial) provided.
The tolerance curve should then be intersected with the other two to find out the break out points.
Would be wonderful to have a class to inject such LOE from input data.
Cheers!
This is not strictly required by the FAIR methodology but would be a nice addition.
Typically a CISO will draw the LOE for the inherent and residual risk, he will then ask his CTO/CEO/CFO to provide a few data points to build a risk tolerance curve.
An example from PAN talk is here:
The tolerance curve will be interpolated from the few datapoints (the user should choose from linear, expo or polynomial) provided.
The tolerance curve should then be intersected with the other two to find out the break out points.
Would be wonderful to have a class to inject such LOE from input data.
Cheers!