The topic of this week's seminar was quantifying and prioritizing loss potential.

Sub topics were

presented in order for us to perform this. We initially went over risk and threat analysis. During
this step, it is important to establish what is being protected (asset) and what threatens this
asset. Additionally, we must take care to analyse the likelihood of any threats we determine to
exist.
Next was assessing the criticality, or severity, involved with any loss of the asset. During this
process we must approximate dollar values for any loss incurred. A three stage approach
followed up regarding meaningful solutions and their dollar values. Essentially, what occurs
during this time is shopping around for solutions that can mitigate or prevent and potential loss
of assets. The most cost effective solutions will vary based on the assets and likelihood of
threats to them.
Not all threats are created equally and I believe this to be the most important takeaway from the
reading and this seminar. Security budgets aren’t blank checks, and many times companies
sacrifice effectiveness in order to save money. This has the obvious effect of increasing the
likelihood of loss occurring. Being able to quantify your losses and prioritize what you are willing
to lose, allows for efficient allocation of resources and can help minimize the probability that loss
will occur, especially when companies skimp on their security budgets.