Overview
Explore a comprehensive quantitative cyber-risk framework implemented by TIAA in this 48-minute conference talk from RSA Conference. Dive into the scalable framework that bridges granular assessments with business-level aggregate risk reporting. Learn about policy development, standards implementation, configuration baselines, risk quantification techniques, and integration with operational risk management (ORM) and enterprise risk management (ERM) processes. Discover how to effectively engage with project lifecycles and avoid common pitfalls in cyber risk management. Gain insights into the relationship between risk assessment and management action, and acquire practical tools and techniques to implement in your organization. Follow the journey from the framework's inception to its practical application, including discussions on risk appetite reporting, operational risk integration, and the history of cyber risk quantification. Walk away with key takeaways to enhance your organization's cyber risk management strategy.
Syllabus
Intro
Impetus for Cyber Risk Framework
Overview of Cyber Risk Framework
Control Framework Overview
Authoritative Sources
IT Risk Central Overview
Risk Assessment Process, Scope, & Metrics
Application Risk Assessment Details
Infrastructure Risk Assessment Details
Risk Ratings - Translating Quant to Action
Aggregate Risk Appetite Reporting using LECS
OpRisk Integration
History of Cyber Risk Quant
Quant Cyber Risk Justification
Key Takeaways and Application
Taught by
RSA Conference