Risk Tolerance Curve suggestion #34
Labels
enhancement
New feature or request
Comments
|
Found also an interesting tutorial here all in python: |
|
From an API perspective, how do you see this working? I.e. how does an analyst define this curve? t_curve = np.polyfit(
[100, 1_000, 10_000],
[1, .2, .1],
3
)
fsr = FairSimpleReport([model_1, model_2))
fsr.add_tolerance_curve(t_curve)
fsr.to_html('output.html') |
|
Hi @theonaunheim yes that would work! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This is not strictly required by the FAIR methodology but would be a nice addition.
Typically a CISO will draw the LOE for the inherent and residual risk, he will then ask his CTO/CEO/CFO to provide a few data points to build a risk tolerance curve.
An example from PAN talk is here:
The tolerance curve will be interpolated from the few datapoints (the user should choose from linear, expo or polynomial) provided.
The tolerance curve should then be intersected with the other two to find out the break out points.
Would be wonderful to have a class to inject such LOE from input data.
Cheers!
The text was updated successfully, but these errors were encountered: