
Quantifying Cyber Risk: Bits and bytes to dollars and cents

addressing this threat and how they are managing the risk of a data breach. Leveraging the Factor Analysis of Information Risk (FAIR) Methodology, organizations can simplify the concepts of cybersecurity, analyze and express risk in terms of dollars and probabilities, and provide clearly defined business cases to prioritize and treat cybersecurity risks. We will provide an overview of the FAIR methodology, as well as tips for maturing your organization’s approach to quantifying cybersecurity risk.
Live online Oct 13 3:00 pm UTC
or after on demand 60 mins
Presented by
Daniel J. Stone, Senior Manager at Protiviti
  • Novel File-level Encryption and Regulatory Compliance Dec 4 2020 3:00 pm UTC 60 mins
    Daniel H. Gallancy, CEO, Dimitri Nemirovsky, COO at Atakama
    State and federal cybersecurity regulations are expanding and becoming increasingly more onerous. Whether your company is trying to comply with California's CPA, New York's DFS cybersecurity requirements, GDPR, etc., granular file-level encryption solutions will help you get there and please your regulators in the process.
  • Privacy Certifications and what you need to know Nov 10 2020 3:00 pm UTC 60 mins
    Justin Orcutt (RMG Specialist) and Joe Meyer (Director of Privacy Services) both from NCC Group.
    For the past several years privacy has been a major area of focus for companies. Ever since GDPR came into force, companies are starting to realize privacy is not a joke. Privacy is not something you can easily bolt on to a product and typically requires a team to test and verify that privacy is properly in place. Certifying your privacy program can help demonstrate your company’s commitment to privacy and also provide a mechanism to standardize. Today there are two main certifications associated with privacy: APEC CBPR and ISO27701. During this event we will answer the following questions:

    o What is APEC CBPR and ISO27701?

    o Who is in scope for these certifications?

    o What is the difference between the two?

    o Common challenges implementing?

    o What about HIPAA and all the state regulations; how do those play into the privacy certification landscape?

    o What do these certifications mean for your third party risk management program?
  • You CAN get there from here! Nov 5 2020 5:00 pm UTC 60 mins
    Maryann Douglass, CISM, CISA, QSA, PCIP - Senior Consultant Sherri Collis, QSA, CISSP, CISA - Director, PCI Services Rosemary
    Guide women through process to align current strengths and responsibilities to Cyber security job requirements. Establish a path to reach their goal to move into a new Cyber Security position.
  • A Risk-Based Management Approach to 3rd Party Data Security, Risk and Compliance Oct 21 2020 4:00 pm UTC 60 mins
    Robert Putrus- CISM, PMP, PE, CMC, CFE
    The presentation describes process guidelines and framework for the enterprises’ board of directors and senior management teams to consider when providing oversight, examination and risk management of third-party business relationships in the areas of information technology, systems and cyber security.

    The methodology is based on examining third-party vendors against the development of a three-dimensional risk-based model. The final deliverables of the risk impacts, findings, enterprise requirements, and remediation are presented quantitatively.

    A number of professional surveys reported that significant data breaches are linked directly or indirectly to third-party access. Outsourcing certain activities to a third-party poses potential risk to the enterprise.
  • Quantifying Cyber Risk: Bits and bytes to dollars and cents Oct 13 2020 3:00 pm UTC 60 mins
    Daniel J. Stone, Senior Manager at Protiviti
    addressing this threat and how they are managing the risk of a data breach. Leveraging the Factor Analysis of Information Risk (FAIR) Methodology, organizations can simplify the concepts of cybersecurity, analyze and express risk in terms of dollars and probabilities, and provide clearly defined business cases to prioritize and treat cybersecurity risks. We will provide an overview of the FAIR methodology, as well as tips for maturing your organization’s approach to quantifying cybersecurity risk.
  • Cloud Breach Incident Response & Forensics Oct 7 2020 4:00 pm UTC 60 mins
    Mike Raggo, Cloud Security Engineer at CloudKnox Security
    Cloud breaches are on the rise, and none of these breaches are small. Understanding the TTPs is key to determining where to look among the plethora of services available through Cloud Service Providers such as AWS and Azure. In this session we'll enumerate sources of forensic evidentiary data among the vastness of AWS Cloudtrail, GuardDuty, Microsoft Graph, and more. A very clearly defined methodology will be provided as a baseline for combing through this data in a precise and expedited way. Examples from real world breaches will be highlighted providing practical approaches to exposing the attacker's methods and compromise.
  • M&A and Cybersecurity: The Intersection of Risk and Opportunity Sep 29 2020 1:00 pm UTC 60 mins
    Justin S. Daniels, Cybersecurity SME and Lawyer at Baker Donelson
    Phishing is the favorite attack vector, as it typically leads to billions of dollars of wire fraud every year. Let's take a real-world scenario and learn how to protect your network from phishing. Since it only takes one phish to ruin your day, we also discuss what to do when a phish leads to a fraudulent wire.
  • Voluntary Compliance: Change Management in InfoSec Sep 23 2020 3:00 pm UTC 60 mins
    Jonathan McCoy, Organizational Strategist
    Information Security is critical and employees know that, yet the #1 security threat to companies is people. How do we help employees close the Knowing / Doing gap? Mandates only get companies so far and traditional change management isn’t much help. This discussion will share proven strategies backed in neuroscience that help get people aligned, engaged and moving towards new directions.
  • Critical Steps to Build Operational Resilience Recorded: Sep 15 2020 63 mins
    Patrick Potter, Risk Strategist at RSA
    Cyberattacks have been the number one risk on almost every organization’s agenda – and these attacks are becoming more pervasive, sophisticated and creative. The global health crisis has brought on new disruptions with people, public and private infrastructure, economies and third parties. Combatting these risks requires more than security measures. Responding to them requires more than incident response. Recovering from them requires more than business and IT recovery plans. Dealing proactively and effectively with today’s disruptions demands an approach that combines security and resiliency, business and IT, incident and crisis response, risk and third-party management – it requires Operational Resilience.

    Attend this session to learn:
    1. What the digital transformation is and how it is impacting the operational resilience of organizations
    2. The risks and challenges of building operational resilience
    3. What resilient organizations can do to deal effectively with disruptions, and not only survive – but thrive

    All attendees will receive a copy of the new RSA white paper, Key Principles in Building Operational Resiliency.
  • What you need to know about CMMC Recorded: Sep 1 2020 62 mins
    Justin Orcutt (RMG Specialist) and Jeff Roth (Director of Government Services) both from NCC Group.
    The Cybersecurity Maturity Model Certification (CMMC) is a new framework that requires Department of Defense (DoD) contractors to certify their security against one of five levels using an independent third party auditor. During this presentation we will cover:
    o What is the CMMC
    o Who has to Comply
    o What is the timeline for compliance
    o Common challenges implementing compliance
    o Lessons learned for the commercial market regarding supply chain risk and vendor risk management
  • Securing Open Source Software Recorded: Aug 28 2020 61 mins
    Rebecca Finnin, Director CyberSecurity at AT&T
    This talk will outline an actionable approach to inventory and secure the use of open source software within enterprise applications.
  • 10 Steps to Modernize Compliance Management Recorded: Aug 26 2020 62 mins
    Marshall Toburen, CIA, CISA, CFSA (non-practicing) Risk Management Strategist RSA | A Dell Technologies Company
    Organizations today face thousands of internal and external compliance obligations ranging from Privacy to Financial Reporting regulations, industry standards, policies and control procedures, and customer and third-party contractual obligations. The volume of regulations is overwhelming and constantly changing while compliance management resources are scarce and increasingly expensive. Organizations must find a way to manage compliance more efficiently, and at lower cost, while still being able to provide positive assurance to all stakeholders that compliance programs are designed and operating effectively. This virtual presentation will provide practical and proven steps that organizations can implement to capture efficiencies and cost savings from their compliance programs while retaining the ability to demonstrate the design and effectiveness of their program.

    Learning Objectives
    • Identify the current state of the compliance landscape and challenges facing today’s top organizations
    • Identify proven methods to meet compliance demands, while employing digital transformation in the management of compliance obligations
    • Learn about existing and emerging technologies that can help compliance management programs
  • Crypto-Agility, the cure for Quantum fears Recorded: Aug 20 2020 59 mins
    Stan Mesceda, Sr. Product Manager at the Thales Group
    As advancements in quantum computing are made, the quantum threat continues to grow. Most security professionals believe it is only a matter of time before today’s security algorithms become obsolete. Join this talk to learn how crypto-agility can be used to provide long term data security and quantum safe cryptography.
  • Hiring Outlook: How to Recruit, Manage and Succeed in Security Recorded: Aug 19 2020 51 mins
    Will Walker, Assistant Vice President - Division Director at Robert Half Technology
    Understanding the hiring outlook and how to succeed in this new environment.
  • Are you prepared to do business with the US government? Recorded: Aug 17 2020 47 mins
    Dr. Nazeera Dawood, Co Founder & President @ Vendorship Inc.
    We will discuss the what, when, who & where of government contracting. The objective is to educate firms on doing business with the government:

    1. Opportunities
    2. Obstacles
    3. Laying the foundation
    4. Government trends during Covid 19
    5. Resources & Collaborative opportunities
  • Making Phishing Training Fun Recorded: Aug 5 2020 61 mins
    Nick Santora, CISA, CISSP - CEO of Curricula
    Most employees tune out in 'death by PowerPoint' security awareness training and try to simply complete their required training as quickly as possible. That's not very helpful when you're relying on them to help protect your organization from cyber attacks. In this session, Nick Santora, CEO of Curricula, will discuss how you can make training fun, relatable, and have employees apply critical thinking to make better security decisions.
  • Practical Data Security and Privacy Recorded: Jul 29 2020 63 mins
    Ulf Mattsson
    The data privacy landscape is changing. There is a need for privacy models in the current landscape of the increasing numbers of privacy regulations and privacy breaches. Privacy methods always use models and it is important to have a common language and privacy models when defining privacy rules.
    Businesses have been inundated with information on what recent privacy laws like GDPR and CCPA require, but many are still trying to figure out how to comply with them on a practical level. The new Verizon Data Breach Investigations Report (DBIR) provides perspectives on how criminals simply shift their focus and adapt their tactics to locate and steal the data they find to be of most value.

    This session will discuss practical recommendations to find the right practical balance between compliance, security, privacy, and operational requirements for each type of data and business use case. This session will also discuss Data Protection for Hybrid Cloud and review Differential privacy, Tokenization, Homomorphic encryption, and Privacy-preserving computation.
  • Understanding & Achieving CMMC Compliance Recorded: Jul 22 2020 55 mins
    Tony UV, CEO at VerSprite
    The presentation will walk through NIST 800-171 compliance and discuss the DoD's Cybersecurity Maturity Model Certification (CMMC) audit program. Attendees will get answers to the common questions of what CMMC is and how CMMC relates to NIST 800-171, and the session will cover the 5 compliance levels supported by the model.
  • Building a Foundation for Effective GRC in Your Organization Recorded: Jul 21 2020 59 mins
    Antonio Newman, IT Risk & Compliance Technology Director at State Farm
    Building a Foundation for Effective Governance, Risk & Compliance in Your Organization.
  • 5G: Breakout or Break-in Technology Recorded: Jul 16 2020 64 mins
    Sam Aiello, Principal Security Solution Architect- Verizon
    The impact of 5G technology continues to expand. Today’s cyberattacks can already evade mobile network security, and simply making legacy security run faster is not an effective strategy. Complicating the picture is that the 5G security architecture has been designed to integrate 4G equivalent security into the 5G system bringing with it its own set of vulnerabilities.
    As operators densify their networks, 5G will significantly affect both the wireless and wireline side of the network infrastructure and this evolution further expands the threat landscape by increasing the number of intrusion points.
    A more intelligent and powerful network infrastructure known as Mobile Edge Compute (MEC) is taking hold. It’s the concept of a cloud-based application or service not necessarily needing to pass through a cell tower on its way back to a cloud data center, but instead running entirely within the cell, making local security all the more important.
Creating meaningful engagements for our membership
Welcome to the ISACA Atlanta Chapter web site. The aim of our Chapter is to sponsor local educational seminars and workshops, conduct regular chapter meetings, and help further promote and elevate the visibility of the IT audit, risk, control and security professions throughout the local area.
