Wednesday, September 25, 2013

I'm presenting at SIRAcon Oct 21, Seattle WA

SIRAcon - registration
Monday, October 21, 2013

Bell Harbor Conference Center
Pier 66
Seattle, WA 98121

You won't find any conference with a higher concentration of bright, forward-thinking InfoSec risk folks than SIRAcon.


Title: Big ‘R’ Risk Management (the “Modern Approach”) — From Concept to Pilot Implementation

Big ‘R’ Risk Management is also known as the Modern Approach to Operational Risk. It’s a very different approach to probabilistic risk analysis. Instead of trying to quantify the risk of individual threat + vulnerability + consequence combinations, the focus is on quantitative estimation of the factors that drive aggregate risk at a business unit or enterprise level. While it’s been described in concept, there isn’t much information on implementation.

As an introduction, the presentation will start with an overview of the Modern Approach and the generic steps in the analysis and decision-making. The rest of the presentation will be a walkthrough of one or two illustrative cases to show how it would be implemented in practice, especially in a pilot or a proof-of-concept.

The main takeaway will be a better understanding of the viability of the Modern Approach and practical guidance on how to get started on it via a pilot implementation.
