A probabilistic risk model.

Codified expert opinion for faster risk decisions.

A proof of concept by...
Security at Netflix
Risk @ R10N

Experts reviewed hundreds of randomized AWS configurations. These experts are familiar with corporate data breaches at large tech companies.



An expert forecasting session recorded the judgements of these experts for each AWS configuration. These are then transformed into a statistical model representing their beliefs as an entire panel.

The result is a simple model that produces forecasts and mimics panelist opinion when given a configuration. Using this as a reference might help make risk decisions more efficient and less biased.
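As an added illustration (not the tool's own code), the sketch below fits a panel model in the lens-model style described above and forecasts configurations the panel did or did not see. The page does not state the model's form, so a least-squares fit on the panelists' log-odds is an assumption here, the question names are hypothetical, and the forecasts are constructed sample data.

```python
import math

# Hypothetical yes/no configuration questions (assumed; the page does not list its own).
FEATURES = ("root_mfa_enabled", "public_s3_buckets", "long_lived_access_keys")

# Constructed sample data: each entry is one reviewed configuration (answers to
# FEATURES) with three panelists' 1-year probability forecasts for the scenario.
PANEL = [
    ((1, 0, 0), (0.02, 0.03, 0.05)), ((0, 1, 1), (0.30, 0.40, 0.25)),
    ((1, 1, 0), (0.10, 0.08, 0.15)), ((0, 0, 1), (0.12, 0.10, 0.20)),
    ((1, 0, 1), (0.05, 0.06, 0.10)), ((0, 1, 0), (0.20, 0.15, 0.25)),
]

def logit(p, eps=0.01):
    """Log-odds, clamped so a panelist answering 0 or 1 cannot produce infinity."""
    p = min(max(p, eps), 1 - eps)
    return math.log(p / (1 - p))

def solve(a, b):
    """Solve a*x = b by Gauss-Jordan elimination with partial pivoting."""
    n = len(b)
    m = [row[:] + [b[i]] for i, row in enumerate(a)]
    for c in range(n):
        piv = max(range(c, n), key=lambda r: abs(m[r][c]))
        if abs(m[piv][c]) < 1e-12:
            raise ValueError("configurations do not vary enough to fit every question")
        m[c], m[piv] = m[piv], m[c]
        for r in range(n):
            if r != c:
                f = m[r][c] / m[c][c]
                m[r] = [x - f * y for x, y in zip(m[r], m[c])]
    return [m[i][n] / m[i][i] for i in range(n)]

def fit_panel(panel):
    """Least-squares weights [intercept, w1, ...] predicting the panel's log-odds."""
    rows, ys = [], []
    for cfg, forecasts in panel:
        for p in forecasts:  # every individual judgement is one observation
            rows.append([1.0, *map(float, cfg)])
            ys.append(logit(p))
    k = len(rows[0])
    xtx = [[sum(r[i] * r[j] for r in rows) for j in range(k)] for i in range(k)]
    xty = [sum(r[i] * y for r, y in zip(rows, ys)) for i in range(k)]
    return solve(xtx, xty)

def forecast(weights, cfg):
    """Probability the fitted panel model assigns to a (possibly unseen) configuration."""
    z = weights[0] + sum(w * x for w, x in zip(weights[1:], cfg))
    return 1 / (1 + math.exp(-z))
```

Calling `forecast(fit_panel(PANEL), (0, 0, 0))` scores a configuration no panelist reviewed, which is the point of codifying the panel: the weights carry their combined judgement to new cases.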


The risk scenario...

AWS security detects or responds to an incident with this account in 1 year.

Each panelist assumes the accounts they reviewed are the primary production accounts owned by a tech company. They also assume that AWS security or the account owner may escalate the incident, and both may confirm the scenario.

The panelists agreed that for substantial incidents worth measuring, a victim would likely involve the official AWS Security team. They wouldn't need to identify it as a security incident.

How would the panelists forecast your account? 🧐

Please describe the account's configuration...

What's this for?

This tool explores expert opinion solutions for repetitive forecasting situations. A model like this may be useful when expert opinion is needed at high volume, using any combination of subject matter experts.

You may not find this specific tool useful, but please note the concept is that you can use your own panelists, scenario, and questions to achieve a probabilistic forecast.

The approach is based on concepts documented in simple risk measurement.

Additionally, it is inspired by the Lens Model by Egon Brunswik, discussion of the model in Principles of Forecasting, and practical lens model suggestions from How to Measure Anything in Cybersecurity Risk.


Feedback and Discussion

I'm looking for discussion about how this can be more useful! If you are in a Slack channel with @magoo, you can message me there, or shoot me a note @magoo on Twitter.