Elevating the Language of Cyber Risk and Avoiding the Whisper Syndrome

Presented by

Fraser Scott - VP Product, IriusRisk

About this talk

In this edition of IriusRisk’s Threat Modeling Club Live! we discuss the importance of a commonly agreed set of terminology and measurement of cyber risk and how that can affect large-scale software development teams and Executive Boards alike. A well-known and often hilarious party game - Whispers - basically involves communicating an idea, thought or phrase along a queue of people from one person to the next and then hearing the end result and how different it was from the original phrase - usually resulting in much hilarity and amusement! But in the world of cyber security and risk misinterpretation of valuable information often leads to an underestimation of the real risk - particularly at CIO / CISO level when - as is quite often the case - a Common Vulnerability Scoring System (CVSS) is often misused to represent Threats. Perhaps it's time for a clearer definition of Cyber Risk and also a newer set of dimensions and metrics to consider? Join Fraser Scott (VP of Product, IriusRisk) and Izar Tarandach - Principal Security Architect, Squarespace, and renowned author/contributor and Brook Schoenfield (Author and AppSec Diplomat) for what promises to be a great fireside discussion on the importance of building a common understanding and lexicography of Cyber Risk. Presenters: Fraser Scott - VP of Product, IriusRisk Izar Tarandach - Principal Security Architect, Squarespace Inc. Brook Schoenfield - Author

Related topics:

More from this channel

Upcoming talks (0)
On-demand talks (10)
Subscribers (628)
IriusRisk is the industry's leading threat modeling and secure design solution in Application Security. With enterprise clients including Fortune 500 banks, payments, and technology providers, it empowers security and development teams to ensure applications have security built-in from the start - using its powerful threat modeling platform. Whether teams are implementing threat modeling from scratch, or scaling up their existing operations, the IriusRisk approach results in improved speed-to-market, collaboration across security and development teams, and the avoidance of costly security flaws.