Applying Quantification to NISTIR 8286

Why Should You Attend:

The NISTIR 8286 describes the process of developing a cyber risk management program from the enterprise risk register. It can assist business boards to assess the sufficiency of their cyber risk programs. This webinar explains how to apply the NIST standard NISTIR 8286 to address this requirement through step-by-step instructions and practical hands-on examples using the Australian regulatory framework, APRA CPS 234, as a case study.

1. Do you need to explain sufficiency of the cyber risk program to the board?
2. Is your cyber risk program part of ERM and managed according to the corporate risk appetite statement?
3. Are you confident your supplier is compliant with your CPS 234 obligations?
4. Do you want to learn how to drive 'good risk' to deliver tangible value from the cyber risk program?
5. Want to learn how to transition from qualitative risk analysis to quantitative risk analysis in order to measure sufficiency of the cyber risk program.

By attending this webinar, you will learn the key concepts to address the above cyber risk management challenges through step-by-step instructions and practical hands on examples.

Areas Covered in the Webinar:

• The history and structure of APRA CPS 234 standard
• Mapping to guidance in APRA CPG 234
• Reporting and notification requirements
• Materiality considerations
• 3rd party service providers compliance requirements
• Introduction to NISTIR 8286 - connecting cybersecurity to Enterprise Risk Management (ERM)
• Managing cyber risks in accordance with Risk Appetite Statements
• Understand Risk Appetite and Risk Tolerance
• Quantifying Risk Appetite Statement using the Open Group FAIR Cyber Risk Quantification framework
• Practical case studies

Who Will Benefit:

• Chief Risk Officer (CRO)
• Chief Information Officer (CIO)
• Chief Information Security Officer (CISO)
• IT Manager
• IT Risk Manager
• IT Risk Analyst
• IT Auditor
• IT security administrator
• Supply Chain Risk Manager
• Risk Compliance Officer

Denny Wan
Founder and Co-chair, FAIR Institute

Denny Wan is a recognized cyber security expert specializing in the NIST endorsed Open Group FAIR (Factor Analysis of Information Risk) cyber risk quantification framework. He is a certified ISO27001 Lead Auditor, PCI QSA and CISSP. FAIR analysis expresses cyber risk in financial terms, enabling the business board to assess the sufficiency of their security capabilities as required under APRA CPS 234. Denny extends his FAIR experts to apply to the NISTIR 8286 standard, empowering risk managers to connect cybersecurity to Enterprise Risk Management. This approach is also useful for managing 3rd party supplier risks under APRA CPS 234. He is the founder and co-chair of the Sydney Chapter of the FAIR Institute and Australian. His expertise in IT security audit and cyber risk quantification enables him to create a balanced approach in tackling the compliance challenge of APRA CPS 234 from a business perspective.

Follow us :