Discussion about this post

User's avatar
Tobias Faiss's avatar

D3FEND is certainly a good starting point and to measure Security controls in the field.

When we take tools, processes and people into the equation, I'm a big fan of the SIM3 v2 Assessment by the Open CSIRT foundation: https://sim3-check.opencsirt.org/#

Expand full comment
MC's avatar

Ross...

You were probably in grade school when I had this exact same conversation for the first time in 2008 or so. It isn't a hard problem btw but a large part of the issue is the historical data which is so valuable is not structured and normalized properly in order for this type of use. Much of the underwriting data such as the qual/quant is soft data in application forms and claims files that is not easily extracted.

The data is actually not complex or difficult to model at all. The hard part is getting industry to build a standard after AC$$D is no longer trusted by many including me. I can build a base model in a few days and have built three insurance standards. But where do we go? There has to be a caretaker organization.

Mica

Expand full comment
3 more comments...

No posts