Evaluator - SiRAcon 2018 Presentation

A high level introduction to the Evaluator toolkit for open source quantified information risk management, as presented at SiRAcon 2018 in Seattle on February 8, 2018.

  1. Evaluator: OPEN SOURCE QUANTITATIVE RISK MANAGEMENT MADE EASY EASIER (SIRACon 2018 – Data > Dogma)
  2. Poll
  3. Hypothesis: Risk Management is Haaaaaaaaaaard…
  4. Problem Statement: How do we get people with large qualitative investments comfortable with strategic quantitative risk analysis?
  5. Introducing Evaluator: Providing a bridge from qualitative data to OpenFAIR quantitative risk simulation
  6. What Does Evaluator Give Me?
  7. Quick Review of OpenFAIR: RISK, LEF, TEF, VULN, TC, DIFF, LM, PLM, SL, SLEF, SLM
  8. Evaluator’s Default Model: RISK, LEF, TEF, VULN, TC, DIFF, LM, PLM, SL, SLEF, SLM
  9. Evaluator Default Process Flow
     • Excel-based data acquisition
     • Encode qualitative data into quantitative scenarios
     • Monte Carlo scenario simulation
     • Summarize results across multiple dimensions
     • Default reports for jump starting analysis
  10. Flow of an Evaluator Analysis: Prepare, Load, Encode, Simulate, Summarize, Report
  11. Prepare
     • Survey Instrument
     • Domain Dictionary
     • Risk Tolerances
     • Qualitative Mappings
  12. Survey Instrument
  13. Load
     • Capabilities Table
     • Validated Qualitative Scenarios
  14. Encode
     • Quantitative Scenarios
  15. Simulate: Dataframe of Results
     • Threat Event Count
     • Loss Event Count
     • ALE/SLE
     • VULN - TC and DIFF Exceedance
  16. Summarize: Per-scenario and per-domain summary files. Ready for Analysis with R, Tableau, etc.
  17. Report
  18. Risk Dashboard
  19. Risk Report
  20. Scenario Explorer
  21. Ugh…that’s too much typing!
  22. MVA (Minimum Viable Analysis)
     > evaluator::create_templates()
     > base_dir <- "~/evaluator"
     > source("~/evaluator/run_analysis.R")
  23. davidski/evaluator-docker: Your Container is Ready
  24. Advanced Options
     • Write your own model
     • Try different distributions
  25. Evaluator in the Wild
     • Strategic Technology Risk
     • HIPAA
     • PCI-DSS
     • Binary Risk Analysis (BRA)
  26. Future
     • Export scenarios to other tools
     • Increase performance and ease of modelling
     • Sensitivity analysis
  27. Call to Action
     • Try out Evaluator!
     • Find the rough edges!
     • Provide feedback!
     • Do more quantitative risk!
  28. Would You Like to Know More?
  29. Q&A: https://evaluator.severski.net
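
The Simulate step from slide 15, as an added example in base R that is not taken from the deck or from the Evaluator package: a Monte Carlo run over TEF, TC, DIFF and LM for a single scenario, producing one row of results per simulated year. The distributions, parameter values, function name and column names are constructed assumptions, and the two exceedance columns are one reading of the slide's "TC and DIFF Exceedance".

```r
# Added illustration in base R; not Evaluator's code. All parameters are constructed.
simulate_scenario <- function(n_years = 1000, tef_mean = 12,
                              tc_mean = 0.55, tc_sd = 0.15,
                              diff_mean = 0.70, diff_sd = 0.10,
                              lm_meanlog = log(20000), lm_sdlog = 0.8) {
  clamp <- function(x) pmin(pmax(x, 0), 1)  # keep TC and DIFF on a 0..1 scale
  do.call(rbind, lapply(seq_len(n_years), function(year) {
    # TEF: number of threat events in this simulated year
    threat_events <- rpois(1, tef_mean)
    # One threat capability (TC) and one control difficulty (DIFF) per event
    tc         <- clamp(rnorm(threat_events, tc_mean, tc_sd))
    difficulty <- clamp(rnorm(threat_events, diff_mean, diff_sd))
    # A threat event becomes a loss event when TC exceeds DIFF
    is_loss     <- tc > difficulty
    loss_events <- sum(is_loss)
    # LM: one loss magnitude per loss event (zero-length in a year with no losses)
    losses <- rlnorm(loss_events, lm_meanlog, lm_sdlog)
    data.frame(
      year          = year,
      threat_events = threat_events,
      loss_events   = loss_events,
      # VULN: share of threat events that became loss events
      vuln          = if (threat_events > 0) loss_events / threat_events else NA_real_,
      ale           = sum(losses),                                # annual loss
      sle_max       = if (loss_events > 0) max(losses) else 0,    # largest single loss
      # Average margin by which the attacker won (TC) or the controls held (DIFF)
      mean_tc_exceedance   = if (loss_events > 0)
        mean(tc[is_loss] - difficulty[is_loss]) else NA_real_,
      mean_diff_exceedance = if (loss_events < threat_events)
        mean(difficulty[!is_loss] - tc[!is_loss]) else NA_real_
    )
  }))
}

set.seed(2018)  # fixed seed so reruns give the same numbers
results <- simulate_scenario()

# Per-scenario summary, the kind of row the Summarize step would hand to a report
scenario_summary <- data.frame(
  ale_median      = median(results$ale),
  ale_p95         = unname(quantile(results$ale, 0.95)),
  mean_vuln       = mean(results$vuln, na.rm = TRUE),
  years_with_loss = mean(results$loss_events > 0)
)
print(scenario_summary)
```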