Abstract:
Most privacy risk assessment methodologies are homegrown and qualitative. Numerical models generally involve largely arbitrary quantifications. FAIR, a quantitative risk model for information-security-related risks, can be modified for privacy, providing more meaningful measurements and supporting comparison of risks of similar scenarios with varying controls to organizational tolerances.
Published in: 2021 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)
Date of Conference: 06-10 September 2021
Date Added to IEEE Xplore: 29 October 2021
DOI: 10.1109/EuroSPW54576.2021.00043
Publisher: IEEE
Conference Location: Vienna, Austria