Slovak Arrow – from asset protection to risk analysis and management, from qualitative charlatanism to quantitative assessment (7 min)
The Czech-Slovak QICS community responded to this European first with an article entitled ‘Slovak Arrow’. The presentation and subsequent discussion will briefly outline how to bring cyber risk work to a level of management and decision-making that is understood by both the CFO and the CEO, as well as what the profession of a CRQ specialist entails.
We often measure cyber risks with color-coded tables, but they can lead us astray. The talk showed why it’s worth setting the compass by mathematics and moving to quantification in euros and time. The “Slovenská strela” (Slovak Arrow) also appeared as a metaphor, reminding us that bold innovations can come from where we don’t expect them.

If you instinctively sense that your cybersecurity has room for improvement, start with basic hygiene. Begin by implementing inexpensive, proven controls—such as the CIS Critical Security Controls (IG1)—if they cost less than a thorough risk analysis. Alongside that, make simple, qualitative considerations about threats and impacts in your environment. The goal, however, is to gradually move to expected annual loss expressed in euros, that is, to numbers that enable better decisions.

From hygiene to numbers: where to start
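As an added illustration of the talk's point (not material from the talk or the QICS article), the following Python sketch contrasts a colour-coded likelihood x impact table with expected annual loss in euros. The two scenarios and all their parameters (frequencies, median losses, spreads, rating bands) are constructed assumptions, not figures from the talk.

```python
import math
import random
from dataclasses import dataclass

@dataclass(frozen=True)
class Scenario:
    name: str
    freq_per_year: float    # expected events per year (Poisson rate), constructed
    loss_median_eur: float  # median loss per event in EUR, constructed
    loss_sigma: float       # spread of per-event loss in log space, constructed

def qualitative_rating(s: Scenario) -> str:
    """3x3 heat-map colour: likelihood band x impact band, as a colour-coded table does."""
    likelihood = 1 + sum(s.freq_per_year >= b for b in (0.1, 1.0))
    impact = 1 + sum(s.loss_median_eur >= b for b in (50_000, 500_000))
    score = likelihood * impact
    return "green" if score <= 2 else "yellow" if score <= 4 else "red"

def analytic_ale(s: Scenario) -> float:
    """Expected annual loss in EUR: rate x mean per-event loss (lognormal mean = median * e^(sigma^2/2))."""
    return s.freq_per_year * s.loss_median_eur * math.exp(s.loss_sigma ** 2 / 2)

def simulate_annual_losses(s: Scenario, years: int = 50_000, seed: int = 1) -> list[float]:
    """Monte Carlo: per simulated year, draw the event count (Poisson) and sum per-event losses."""
    rng = random.Random(seed)
    mu = math.log(s.loss_median_eur)
    out = []
    for _ in range(years):
        n, p, threshold = 0, 1.0, math.exp(-s.freq_per_year)  # Knuth's Poisson sampler
        while True:
            p *= rng.random()
            if p < threshold:
                break
            n += 1
        out.append(sum(rng.lognormvariate(mu, s.loss_sigma) for _ in range(n)))
    return out

def summarize(s: Scenario, years: int = 50_000, seed: int = 1) -> dict:
    """Colour cell next to the numbers a CFO can act on: mean annual loss and a 1-in-20-year loss."""
    losses = sorted(simulate_annual_losses(s, years, seed))
    return {"rating": qualitative_rating(s),
            "ale_eur": sum(losses) / len(losses),
            "p95_eur": losses[int(0.95 * len(losses))]}

# Constructed scenarios: both land in the same "yellow" cell, yet expected annual loss differs ~4.5x.
PHISHING = Scenario("phishing -> credential theft", freq_per_year=2.0, loss_median_eur=20_000, loss_sigma=0.8)
RANSOMWARE = Scenario("ransomware", freq_per_year=0.3, loss_median_eur=400_000, loss_sigma=1.2)

if __name__ == "__main__":
    for sc in (PHISHING, RANSOMWARE):
        print(sc.name, summarize(sc))
```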