I need some advice on a best practice modell to establish a quantitative risk assessment.
Thanks in advance.
Check out the FAIR (Factor Analysis of Information Risk) model: https://www.fairinstitute.org/fair-risk-management
The FAIR book (Measuring and Managing Information Risk: A FAIR Approach) has previously been listed as a suggested reference for the CISSP-ISSAP exam.
@AlecTrevelyan @tpfeiffer If you are a member of the Open Group, you will find the FAIR methodology can be studied and you can obtain certification via the Open Group too.
Hope this helps?