Overview
Explore a FAIR-based approach to identifying meaningful key risk indicators (KRIs) in this 43-minute RSA Conference talk. Learn how to distinguish effective metrics from noise-generating ones in risk management. Discover the characteristics of good KRIs and see how sensitivity analysis can be applied to risk quantification. Through case studies and practical examples, understand how to leverage FAIR (Factor Analysis of Information Risk) methodology to improve your risk assessment and continuous monitoring processes. Gain insights into analyzing data breaches, authentication controls, and vulnerability management. Examine the concept of risk appetite and its role in metric selection. By the end of the session, acquire the knowledge to develop more impactful risk dashboards and make informed decisions about resource allocation in your organization's risk management efforts.
Syllabus
Introduction
The Problem of Metrics
FAIR-Based Approach
Poll Question
Classic Slide
Risk
Data Breach
What is Risk
Risk Indicators
Robert Stroud
Case Studies
The Process
Risk Slide
Histogram
FAIR Institute
Case Study 1: Death by 1000 Cuts
Case Study 1: Baseline Estimate
Case Study 2: Authentication Control
Case Study 2: Analysis
Vulnerability Controls
Loss Exceedance
Threat Capabilities
Comparing Leverage
Analysis
The Promise Dashboard
Key Factors
Sonny
Eckerd
Do Your Metrics Indicate Risk?
Recap
Homework
Risk Appetite
Q&A
Denial of Service
Taught by
RSA Conference