Writing
Notes on measuring risk
Cyber risk quantification, FAIR, Monte Carlo simulation, and the humans who feed the models.
Inside FORLAS CRQ: a tour of quantified cyber risk
A walkthrough of the tool: Monte Carlo loss distributions, exceedance curves, sensitivity analysis, tolerance metrics, and portfolio aggregation. The depth of an enterprise CRQ platform, free and offline.
Read articleFORLAS CRQ v0.2.0: show your working
A new Analysis and Evidence area puts the reasoning beside the numbers, plus segregation of duties on approvals, customisable layouts, and a scenario type picker.
Read articleCyber risk has a language problem
Boards can't budget against colours. How FAIR and Monte Carlo simulation replace "high, medium, low" with dollar figures, and why that tooling should be free.
Read article