A Conversation on Risk Quantification

Media Thumbnail
  • 0.5
  • 1
  • 1.25
  • 1.5
  • 1.75
  • 2
This is a podcast episode titled, A Conversation on Risk Quantification. The summary for this episode is: <p><span style="color: rgb(0, 0, 0); background-color: transparent;">Dustin Owens’ extensive background in GRC began with an undergraduate degree in computer information systems.&nbsp;</span></p><p><span style="color: rgb(0, 0, 0); background-color: transparent;">When he realized programming </span><em style="color: rgb(0, 0, 0); background-color: transparent;">wasn’t</em><span style="color: rgb(0, 0, 0); background-color: transparent;"> his professional calling, he transitioned to the security and cybersecurity space — now, he’s accrued 25 years of experience in the field.&nbsp;</span></p><p><span style="color: rgb(0, 0, 0); background-color: transparent;">After being introduced to risk quantification in 2003 as part of the National Security Agency’s INFOSEC Assessment Methodology, Dustin hasn’t looked back.&nbsp;</span></p><p><span style="color: rgb(0, 0, 0); background-color: transparent;">As LogicGate’s Principal GRC Architect, he focuses heavily on how risk quantification can help obtain consistent risk findings that are accurately defined in monetary terms.</span></p><p><span style="color: rgb(0, 0, 0); background-color: transparent;">In this episode of GRC &amp; Me, Dustin breaks down why organizations have much to benefit from adopting risk quantification practices to better assess, manage and respond to risk. Plus, it helps organizations better prioritize the activities that require more attention and investments.</span></p><p><span style="color: rgb(0, 0, 0); background-color: transparent;">“It makes it very easy to compare risk mitigation activities and whether they do risk acceptance or transfer risk, based on the amount of impact that that risk has to the business,” explains Dustin,” which allows organizations to “see if it makes sense to go in one direction versus another.”</span></p>
Dustin's background in GRC
00:49 MIN
What is risk quantification?
00:55 MIN
Business impact of risk quantification
01:36 MIN
Financial impact of risk quantification
03:01 MIN
Clear benefits
00:47 MIN
How COBOL classes lead to Dustin's love of Risk Cloud
02:25 MIN


GRC Highlights 

💻 What is risk quantification, anyway? According to Dustin, it’s the way to a more efficient future with risk management. Rather than use the traditional red, yellow or green status indicators that often lack context, risk quantification allows organizations to accurately identify and express risk findings through any form of currency — that way, “Everybody can be consistent about what those findings are telling them and what it means from a business impact,” explains Dustin.

💻 Besides the fact that dollar impact is quite simple for business leaders to grasp, Dustin says the importance of quantification to a risk program lies in its ability to provide risk findings on a consistent basis. Plus, it’s easier for organizations to assess and compare risk mitigation activities, prioritize the activities they need to pay attention to, not to mention adapt to quantifiable risk practices that enable more effective responses to risk.

💻  Cohesive and holistic risk management wins every time: Without risk quantification, organizations can’t access the benefits of managing risk on a single platform or across multiple categories. Here’s why that matters: According to Dustin, working with consistent definitions and formulas to calculate risk simplifies your ability to create an integrated risk view. On top of that, “Organizations are going to find it easier to understand what that information is telling them,” shares Dustin. “They can start applying that to various aspects of their business that they may not have been doing before.”

💻 Two key benefits of risk quantification? Agility and adaptability. With the ability to acclimate and adjust quicker, organizations can quantify risk on a consistent basis, which enables them to make speedy, yet informed decisions. Here’s why: Because they don't have to stop and interpret the results, Dustin highlights that “the results are the results, and they're in dollars and cents and they're clearly laid out.”

💻 With a passion for technology and risk, Dustin went from an undergraduate degree in computer information systems to security and cybersecurity. Luckily, this mixed education afforded him the opportunity to evaluate GRC platforms — especially “adaptable and flexible” ones like LogicGate’s Risk Cloud with an expert understanding of “how to piece together the logic of how that particular platform is operating.”