The Security Engineering Risk Analysis (SERA) Method defines a systematic approach for evaluating cybersecurity risk in highly complex networked environments. The SERA Method uses a scenario-based approach to analyze how an attacker could leverage available attack vectors and technology vulnerabilities to compromise confidentiality, integrity, and
Topic: Risk Analysis
Doug Wylie directs the SANS Industrials and Infrastructure business portfolio, helping companies fulfill business objectives to manage security risks and develop a security-effective workforce. He also serves on the SANS Technology Institute advisory board for the Industrial Control Systems Security graduate certificate program. His lengthy career spans a
M. G. Cole is a cybersecurity analyst (CISSP, CSSLP) specializing in cybersecurity governance, risk, and compliance (GRC). With 22 years of combined experience in information security and technology, she is a committed lifelong learner and understands the importance of continual education in career development.
This webinar describes the Cyber Security Game (CSG). CSG is a method that has been implemented in software that quantitatively identifies cyber security risks and uses this metric to determine the optimal employment of security methods for any given investment level.
Analyzing risk is critical throughout the software acquisition lifecycle. System risk is assessed by conducting a penetration test, where ethical hackers portray realistic threats on real systems by exploiting vulnerabilities. These tests are very costly, limited in duration, and do not provide stakeholders with “what-if” analyses. To alleviate these issues,
The ability for commanders to know and understand an organizational attack surface, its vulnerabilities, and associated risks is a fundamental aspect of command decision-making. In the cyberspace domain, ongoing monitoring sufficient to ensure and assure effectiveness of security controls related to systems, networks, and cyberspace, by assessing security