This repository contains an Excel workbook example, QuantRiskAnalysis.xlsx
, that demonstrates the basic principles of quantitative risk analysis tailored for cyber security decision-making. The workbook is designed to be used with the XLRisk
plugin, a powerful tool for performing statistical analysis directly within Excel. The plugin is necessary for calculating distributions and conducting Monte Carlo simulations, which are integral to understanding and managing cyber security risks quantitatively.
This document showcases how to apply quantitative risk analysis in a cyber security context using Excel and the XLRisk plugin. The workbook is structured into several sheets, each serving a specific purpose in the risk analysis process:
- Distribution Reference: Lists statistical distributions along with their parameters, descriptions, and cyber security-related example scenarios. This sheet serves as a foundation for understanding the distributions used in the analyses. Basic Use Scenario: Provides real-world cyber security scenarios where quantitative risk analysis is applicable, demonstrating how to frame and approach security decision-making quantitatively.
- Basic Use Calculations: Details the calculations required to perform risk analysis, leveraging the functionalities provided by the XLRisk plugin.
- Basic Use Analysis: Offers guidance on analyzing the quantitative data derived from the calculations to make informed security decisions.
- Basic Use Monte Carlo Results: Displays the results of Monte Carlo simulations, illustrating the variability and probabilities of different outcomes in cyber security risks.
- XLRisk: A page generated by the XLRisk plugin for use by the plugin.
- Microsoft Excel.
- The XLRisk plugin, which can be found and installed from here.
- Ensure you have Microsoft Excel installed on your computer.
- Install the XLRisk plugin following the instructions on its GitHub page.
- Download the QuantRiskAnalysis.xlsx workbook from this repository.
- Open the workbook in Excel and enable macros if prompted, as XLRisk functions may require them.
Contributions to improve ExcelQuantRiskForInfosec are welcome. Whether it's adding new scenarios, enhancing the calculations, or improving the documentation, your input is valuable.