As a result of trying to simplify security and help force multiply, I’ve been iterating on different methods of communicating security in a way that enables people, from an intern all the way to a CEO, to understand why security is important and help the process of working with security.
One of those key elements that needs to be part of the communication is security risk, and while I already mentioned how to talk about it in the past, I needed a process to support that with data. The process, however, needed to remain simple and understandable by anyone. This is where the folks at the Binary Risk Analysis came to mind. They have a straight forward and easy to understand way to calculate security risk so you can have a conversation about it.
So, I decided to build on top of their great work, simplify it a little bit, and make it more generic. The result is the Forward Point Risk Process. Why that name? Because it’s the point where you can jump forward after understanding the security risk. You can have a conversation about what can go wrong, and choose to either do something about or accept the risk. It enables more fluid security, giving security professionals a simpler way to talk about security problems. Well, at least that’s what I hope.
By the way, if you need to assess the risk of bringing a new vendor or SaaS solution, well, there is a collection of questions you can ask to assess risk as well.
Go check it out: frwdp.com
Oh, and if you need a little tool to calculate the risk, I’ve got you covered: the FRWDP Tool is live!