The World Economic Forum has launched a new cyber framework aimed at helping companies calculate the risk of cyberattacks. The three components of the framework are “an assessment of a company’s vulnerabilities and defenses, the potential cost of data breaches, and a profile of the attacker.”
The framework has garnered praise from cyber experts because of its “holistic approach towards cyberrisk.” Lance Cottrell of security firm Ntrepid Corp. stated, “the framework’s orientation towards probabilistic models of possible losses from attacks will keep businesses focused on minimizing total possible losses rather than building hard brittle shells around their networks.”
The framework is meant to build on President Obama’s cyber agenda, especially with regard to awareness and information sharing. Attendees at Davos claim that the World Economic Forum framework, especially when combined with Obama’s proposed cybersecurity legislation, could make a big impact in the U.S. in particular, because it will help spur executive sponsorship by elevating the risk assessment function to higher levels of the corporate organizational structure and will help organizations get into the minds of attackers. A more detailed account of the new framework can be found at CSO Online.