![Sample our Computer Science journals, sign in here to start your access, latest two full volumes FREE to you for 14 days]({"type":"image" , "src" : "/sda/5928/TOC-Subject-Sample-2021-Computer-Science.jpg"})
Abstract
Cybersecurity audits are vital in today’s digital landscape, yet they come with numerous challenges, such as resource constraints and evolving audit requirements. This article explores the importance of risk quantification in cybersecurity audits, emphasizing its role in aiding decision-making processes and enhancing organizational resilience. Drawing from real-world examples like the 2019 First American Financial Corporation data breach, the article highlights the consequences of unresolved vulnerabilities and the necessity of effective risk communication. By introducing a simplified framework for risk quantification, the article proposes a practical approach that enables auditors to approximate probabilities without complex software tools. Furthermore, it discusses the synergy between risk quantification and compliance efforts, underscoring their collective impact on resource allocation, risk management strategy, and business continuity. Ultimately, the article advocates for a paradigm shift in cybersecurity audits, urging auditors to move beyond traditional pass/fail approaches and embrace quantitative risk assessment methodologies to better safeguard organizations against cyber threats.
DISCLOSURE STATEMENT
No potential conflict of interest was reported by the author(s).
Additional information
Notes on contributors
Charlene Deaver-Vazquez
Charlene Deaver-Vazquez has been designing, securing, and assessing networks for over 35 years. She currently provides agency-wide risk analysis and risk quantification services for the Nuclear Regulatory Commission. She is an adjunct professor of cybersecurity risk quantification at Boise State University. She is also an author and speaker and is releasing an open educational resource textbook on Cyber Risk Quantification along with a complete toolkit of models.
Eli Taylor
Eli Taylor is currently pursuing his BS and MS degrees in Cyber Operations and Resilience at Boise State University, with a strong background in e-commerce, website management, and project management. He possesses exceptional skills in back-end development and is adept at creating high-performance web applications. Eli has worked with various corporate organizations and enjoys collaborating with individuals to support them in achieving their objectives.
Devin Rowley
Devin Rowley is a student at Boise State University working on his BS and MS degree in Cyber Operations and Resilience. While at Boise State, he has earned certificates in IT support and Data Analysis. He is currently employed as a vulnerability and policy analyst for high-performance computing systems. He always strives to improve the work environment around him by increasing productivity and accuracy.
Brooke Langis
Brooke Langis is affiliated with Boise State University, where she is pursuing a BS degree in Cyber Operations and Resilience. Previously, she obtained a degree in Business Management and Entrepreneurship from the College of Southern Idaho.