Vicky Ames, Director, Information Security, Marriott International

To Quantify Risk, Assess Potential Loss Events

  • A risk assessment methodology that analyses loss events in terms of dollar amounts can help quantify the risks a business faces.
  • Dollar figures provide a common point of reference for security professionals and executives when conducting risk assessments.

“We security professionals get very excited by the latest outbreak that’s going on, but what the executives really need to understand is, ‘What’s my dollar exposure here?’”

As an accomplished information-security professional with more than 17 years of experience in the field, Vicky Ames believes that it’s important for chief information security officers (CISOs) to make sure that they understand the business, how it operates, and its regulatory environment. “Security should be the group that is enabling business, and you can’t enable a business until you understand the nature of that business,” she explains. “So understand your revenue streams and understand what is critical up at that level so you can tie that back to what you can deliver. That way, you understand what will be most important from an organizational risk perspective.”

This is an excerpt from 7 Experts on Justifying Security Spend. The eBook was generously sponsored by Nehemiah Security.