Comments on: Risk assessment science http://www.securitybalance.com/2009/05/risk-assessment-science/ trying to bring balance to the Force Tue, 20 Apr 2010 03:58:31 +0000 hourly 1 http://wordpress.org/?v=abc By: Chris Hayes http://www.securitybalance.com/2009/05/risk-assessment-science/comment-page-1/#comment-240 Chris Hayes Thu, 21 May 2009 15:44:31 +0000 http://www.securitybalance.com/2009/05/risk-assessment-science/#comment-240 Hi Augusto. Assessing an issue for risk and modeling risk are two different things. Further complicating matters is when we need to aggregate the risk associated with numerous risk issues. The good news is that pretty much everything you have listed for “brings results that can [be] used to” – exists today. Actuaries and risk modelers have built these types of models for centuries. Just now are we seeing the same types of models being used for operational risk types. As for a risk assessment methodology and tools that begin to model risk and show control effectiveness – I would recommend you review the FAIR methodology and Risk Management Insight’s toolset. You can also build you own modeling tools – but this is not a trivial task even for simple risk models. Hi Augusto. Assessing an issue for risk and modeling risk are two different things. Further complicating matters is when we need to aggregate the risk associated with numerous risk issues. The good news is that pretty much everything you have listed for “brings results that can [be] used to” – exists today. Actuaries and risk modelers have built these types of models for centuries. Just now are we seeing the same types of models being used for operational risk types.

As for a risk assessment methodology and tools that begin to model risk and show control effectiveness – I would recommend you review the FAIR methodology and Risk Management Insight’s toolset. You can also build you own modeling tools – but this is not a trivial task even for simple risk models.

]]> By: Vicente Aceituno http://www.securitybalance.com/2009/05/risk-assessment-science/comment-page-1/#comment-239 Vicente Aceituno Thu, 21 May 2009 09:25:40 +0000 http://www.securitybalance.com/2009/05/risk-assessment-science/#comment-239 I really coudn't agree more with you. I really coudn’t agree more with you.

]]>