C3WG / DSMM

Data Security Maturity Model

P10: Data Risk Assessment #20

Closed GuillaumeRoss closed 1 year ago

GuillaumeRoss commented 1 year ago

How are we defining impact? Potentially leverage industry reports such as the Ponemon report. Back to business impact analysis.

See comment in original doc for placement.

Personal note: I am copy pasting comments and I would never suggest using Ponemon reports and I want the record to show that 😂

stods21 commented 1 year ago

@GuillaumeRoss @ESPLouis -- for RSA, I'm going to close this Issue. I've been back through the paper and I am confident that we have suitable macro-coverage with:

- How does the organization quantify the damage caused by a breach or data security event?

In terms of post-RSA activity, breaking out the various methods of qualifying impact is a really interesting sub-group proposal IMHO.