In this keynote, Richard will make the case for quantitative risk assessments and provide some examples of how the lack of hard data can be overcome in an ICS risk assessment. Richard will also be signing copies of his book at the Cabana Sessions later in the day.
The ICS community often holds qualitative risk assessments in low regard, and credible quantitative risk assessments are generally viewed as impossible due to a lack of data. Richard Seiersen has co-authored a book, How To Measure Anything In Cybersecurity Risk, that argues that not only are quantitative risk assessments possible, but they are necessary. The book then goes into detail as to why this is true, and how they can be performed.