Part 5 - Translating Technical Threats Into Business Risk

This lesson discusses how to translate technical threats into business risks while taking into account both direct and indirect costs.


Time: 48 minutes
Difficulty: Advanced
CEU/CPE: 1

Video Transcription
00:04
So now that we have these numerical values, let's go ahead and help translate these technical threats into business risk. Because the cost considerations are obviously a business risk, we're gonna have two unique line items: direct and indirect.
00:18
So direct basically means: what would the cost to remediate at the point of discovery be
00:24
versus incident response?
00:26
Indirect: maybe, you know, you have heard what Ponemon says: if you get breached, it's $203 a record.
00:33
But the problem with that is, if you sit there and try to say to your system owners, "Well, we need to spend $85,000 on this new product or we could lose $3.5 million,"
00:45
you're probably gonna get that guy earlier in the slide deck that was saying, "Get the heck out of my office."
00:51
So what we're trying to be able to do, and this is actually coming from a real assessment that I've done previously
00:58
that shows a correlation between the direct and indirect
01:02
costs.
01:03
As you can see, the cost of remediation was dramatically less than the cost of incident response and recovery.
01:10
This gives the type of detail and information that system owners need to help justify their security program spend.
01:19
As part of this assessment, there were also indirect risks that were identified.
01:23
The remediation of those efforts was about $3,000.
01:29
The cost for incident response and recovery: while you cannot put a definitive dollar value on that, it is important to note that since this took place in Georgia,
01:38
there is a potential claim for a violation of the Georgia Personal Identity Protection Act.
01:44
HIPAA sanctions, improved notifications
01:46
and, of course, potential litigation costs.
01:49
So now you're able to provide your senior leaders with a more holistic picture on what the direct and indirect costs
01:59
actually looked like.