![Infopro Digital Events [EB8]](/sites/default/files/styles/site_logo/public/2020-06/RT-logo-new-EB8_0.png?itok=plaVlRZp){kind=logo}
Agenda
Agenda
Cyber Risk Modelling | Agenda
08:45 – 09:00
Registration
09:00 - 10:00
09:00 – 10:00
The connections between cyber risk, risk management and governance
09:00 - 10:00
- How does cyber risk fit into risk management?
- Is cyber an inherent risk or vector for other risks?
- Connectivity with conduct risk, RRP, ERM
- Establishing a leading cyber risk management capability
- Financial stability board’s lexicon for cyber risk
- Stricter EBA guidelines
- How do you develop risk appetite limits for cyber security risks
10:00 – 11:00
Integrating cyber risk and IT
09:00 - 10:01
- Setting up risk subcommittees; addressing technology, IT, cyber risk & data governance
- How to identify the latest threats and vulnerabilities
- Working with technologists
- Accommodating new technologies into your cyber risk strategy
- Integrating IT risk as part of the GRC strategy
- How do IT risks fit in the context of the business?
- Data aggregation and intelligence gathering tools to address cyber security risks
11:00 – 11:15
Morning break
09:00 - 10:00
11:15 – 12:15
Creating an efficient and usable cyber risk program
09:00 - 10:00
- Best place to start
- Instilling security of culture and building cyber into core management processes
- Creating a system that maintains daily usability
- Dealing with the increasing price of cyber security
- Potential for automation
12:15 – 12:15
End of Day 1
09:00 - 10:00
09:00 – 10:00
Introduction to using FAIR
09:00 - 10:00
- Goals of risk management
- How qualitative analysis fails
- What is FAIR?
- How is FAIR different from qualitative methods?
- What additional value does it bring?
- The risk management stack
- Example analyses
10:00 – 11:00
Flaws of Qualitative Analysis
09:00 - 10:00
- Subjectivity/Differing interpretations
- Theory of Levels of Measurement
- Illogical conclusions drawn from heat maps
- False precision/undeclared uncertainty
- Defining the requirements for risk analysis methods
11:00 – 11:15
Morning break
09:00 - 10:00
11:15 – 12:15
Fundamental Concepts of Quantitative Risk Analysis
09:00 - 10:00
- Accuracy vs. precision
- Prediction vs. possibility vs. probability
- Objectivity vs. subjectivity
- Making estimates for the FAIR model
- Calibrated estimation instruction and activities
- Variable decomposition
- Monte Carlo simulation
12:15 – 12:15
End of Day 2
09:00 - 10:00
09:00 – 10:00
Example Analysis: Ransomware
09:00 - 10:00
- Six forms of loss
- Interpreting the results of FAIR analysis
- Categorizing controls according to the OpenFAIR Standard
- Accounting for controls in FAIR analysis
- Building a business case for control investment
10:00 – 10:15
Morning break
09:00 - 10:00
10:15 – 11:15
The Risk Analysis Process
09:00 - 10:00
- Scoping scenarios for analysis
- Collecting data and estimates
- Conducting quality assurance
- Presenting results, including histograms and loss exceedance curves
- Case Study
11:15 – 11:15
End of course
09:00 - 10:00