Elevating the Language of Cyber Risk and Avoiding the Whisper Syndrome

In this edition of IriusRisk’s Threat Modeling Club Live! we discuss the importance of a commonly agreed set of terminology and measurement of cyber risk and how that can affect large-scale software development teams and Executive Boards alike. A well-known and often hilarious party game - Whispers - basically involves communicating an idea, thought or phrase along a queue of people from one person to the next and then hearing the end result and how different it was from the original phrase - usually resulting in much hilarity and amusement! But in the world of cyber security and risk misinterpretation of valuable information often leads to an underestimation of the real risk - particularly at CIO / CISO level when - as is quite often the case - a Common Vulnerability Scoring System (CVSS) is often misused to represent Threats. Perhaps it's time for a clearer definition of Cyber Risk and also a newer set of dimensions and metrics to consider? Join Fraser Scott (VP of Product, IriusRisk) and Izar Tarandach - Principal Security Architect, Squarespace, and renowned author/contributor and Brook Schoenfield (Author and AppSec Diplomat) for what promises to be a great fireside discussion on the importance of building a common understanding and lexicography of Cyber Risk. Presenters: Fraser Scott - VP of Product, IriusRisk Izar Tarandach - Principal Security Architect, Squarespace Inc. Brook Schoenfield - Author