March 27, 2020

422 words 2 mins read

veeral-patel/awesome-risk-quantification

veeral-patel/awesome-risk-quantification

A collection of awesome projects, blog posts, books, and talks on quantifying risk

repo name veeral-patel/awesome-risk-quantification
repo link https://github.com/veeral-patel/awesome-risk-quantification
homepage
language
size (curr.) 5 kB
stars (curr.) 303
created 2020-03-31
license

Awesome Risk Quantification

Risk quantification attempts to assign numeric values to risks, instead of qualitative labels such as “Critical” and “High”.

Doing this makes it easier to prioritize the different risks we need to mitigate. Also, “you can’t improve what you can’t measure”!

This repository focuses primarily on cybersecurity related risks.

Open Source Projects

  • Raven - a “flexible and multi-purpose uncertainty quantification, regression analysis, probabilistic risk assessment, data analysis and model optimization framework” from the Idaho National Laboratory
  • riskquant - a library for computing risk, using different distributions, from Netflix
  • evaluator - R package for quantitative risk assessment, based upon OpenFAIR
  • collector - R package for “conducting quantitative risk assessment interviews”

Blog Posts and Papers

Books

Talks

  • Quantifying Risk by Markus De Shon (2020) - walks through the process of measuring risk, from identifying threats and assets to guessing frequency and magnitude (in terms of money)
  • Forecasting, Browsers, and “In The Wild” Exploitation by Ryan McGeehan (2019) - Ryan forecasts the probability of a Chrome zero day being exploited in the wild in a certain month
comments powered by Disqus