Calculating the Effect of NIST CSF Maturity Levels on Risk Reduction with Birdseye™ CRQ Simulator Whitepaper

Quantify Risk More Accurately with Birdseye™ CRQ Simulator.

This Whitepaper presents a simple Monte Carlo simulation method for calculating the risk reduction effect of Maturity Level on preventive cybersecurity controls. It compares the legacy risk simulation approach to the new Birdseye™ CRQ Simulator approach, which provides a method for mapping Birdseye assessment results to suggested values for Vulnerability and Difficulty.

Calculating the effect of the NIST CSF Maturity Levels on risk is an excellent demonstration of the similarities and differences between models of preventive cybersecurity controls. However, the legacy approach to risk simulation, i.e., the “Resistance Strength” calculation with Difficulty modeled as a binary Control Element, allows the calculated residual risk to exceed inherent risk.

Download the Whitepaper to learn how the Birdseye™ CRQ Simulator can easily be used to calculate the effect of NIST CSF Maturity Levels on risk reduction. Its optional simulator setting provides two alternative ways of modeling the “Resistance” vs. the “Resistance Strength” of preventive security controls to ensure that residual risk can never exceed inherent risk.

Benefits of the Birdseye™ CRQ Simulator include:

  • Complete Open FAIR™ Ontology for ease of use

  • Unlimited threat scenarios and simulations specific to industry segment and organization size

  • Granular resistance risk factors to determine more accurate ROI to prioritize budget and aid in decision-making

Birdseye™ CRQ Simulator Risk Factor Ontology