Analysing risk always involves a degree of subjectivity and associated uncertainty. In this session we focus how to estimate that uncertainty and how to reduce it - two essential activities in quantitative risk analysis. We do this by reviewing the results of the exercise given at the end of the previous session. We identify some of the obstacles to estimating uncertainty and show how you can be calibrated to overcome these obstacles and make better estimates.


Date: Thursday 20 August 2020

Time: 12:30 – 13:30

Cost: FREE

Target Audience

Anyone involved in security or risk analysis for IT, including CIOs, CISOs, CTOs, IT security managers and ISO 27001 auditors.

Learning Outcomes

You will leave with an appreciation of the importance of being able to make subjective estimates with a high and measurable degree of certainty. You will learn that you can improve those estimates through a process of calibration.

About the Presenters

Doug Hubbard

Doug Hubbard is the CEO of Hubbard Decision Research which he founded in 1998. It provides consultancy and training in quantitative methods to support decision making. He is the creator of

AIE (Applied Information Economics) whose principles underpin this quantitative approach. These methods have been adopted by businesses across many sectors and by government organizations.

Doug started his career as a management consultant at Coopers and Lybrand after gaining his MBA in 1988. As well as providing management consultancy, he is a sought-after speaker and the author of a number of books, including The Failure of Risk Management: Why It’s Broken and How to Fix It, How to Measure Anything: Finding the Value of “Intangibles” in Business and How to Measure Anything in Cybersecurity Risk. The first two books are now set texts for exams for membership of the Society of Actuaries. His articles and research have also been published in a number of periodicals and learned journals, including Nature.

Fred Hickling

Fred Hickling is a cybersecurity consultant and a QA associate trainer. Over the years, he has become aware of how little quantitative IT risk assessment is done in the UK. Introduced to Doug

Hubbard’s work last year, he appreciated the extent to which this lack was a problem, as well as a way to fix it. He introduces this event - a step in bringing the benefits quantitative risk assessment to the attention the IT professionals in the UK.

Fred is a director of Networks and Systems Ltd, as well as being a non-executive director of another company not in the IT sector. He has numerous industry certifications, including CISSP, CISM, CISMP and CCISO, as well as several physics degrees.