The Risk Evolution

 

Risk Evolution Part I - June 19_2008

Risk Evolution - Part II - July 31_2008

 

Business management doesn't care about security -- they care about risk. Specifically, they care about how much risk exists and how much they should spend to manage it. This is especially true in the financial industry, where a quantitative mindset is pervasive and where their other risk domains (investment, insurance, etc.) are quantitatively managed.

Unfortunately, the information security profession has struggled to establish a quantitative approach to risk that stands up to critical analysis.

This two-part series, with speaker Jack Jones, Chief Scientist and Founder, Risk Management Insights, introduces the foundational elements of a practical approach to quantitative risk analysis, measurement, and communication. Invite your peers in and view the on-demand videos to learn what risk is, the factors that drive risk, and the key elements that make up an effective information risk management program.

After viewing, you will understand the basic principles of FAIR, the intellectual property released by RMI under the Common Criteria, and have immediate access to resources that will enable you to lay a proven foundation for an effective risk management program.

The Risk Evolution - Part I
Discover the proven principles that Jack Jones developed and applied as CISO of a Fortune 100 financial services company that helped him effectively:

  • Prioritize risk issues and security initiatives
  • Compare and select risk mitigation solutions
  • Communicate with management
  • Fight for budget dollars
  • Gain boardroom credibility

The Risk Evolution - Part II
Jack Jones steps you through a practical application of FAIR, a quantitative risk model, and demonstrates how to conduct a risk analysis and produce a high-impact deliverable for senior management. You will hear about:

  • The life-cycle of a quantitative risk analysis
  • Key control opportunities against targeted attacks
  • Getting senior management to understand the risk posed to the business

Here is some of the feedback we received from the live webcasts:

“The coaching on communicating to management alone was worth the hour I invested. I have been relying too heavily on the numbers.” Paul, IT Security Director

“I am going to require my entire team to view both Part I and Part II.” Kevin, Information Security Officer

“Nice job. I appreciate the case study approach and look forward to the white paper.” Wendy, CIO

Speaker Bio for Jack Jones, Chief Scientist and Founder, Risk Management Insights

As the new CISO for a Fortune 100 financial services company, Jack found himself well prepared to lead an IT security program but highly challenged to lead an information risk management program. The difference between the two -- in practical terms -- boiled down to management support. Executive management would support a risk-focused program.

Over the following seven years, Jack spent thousands of hours developing and applying a quantitative risk-based framework that sets a new risk management standard in the industry. His Factor Analysis of Information Risk (FAIR) framework has been lauded by business management and vetted by business risk experts. With the release of FAIR under the Common Criteria, many organizations have begun to apply these risk management principles to significantly improve their information risk management programs.

Jack has specialized in information security and risk management for eighteen years. During this time, he’s worked in the military, government intelligence, and consulting, as well as the financial and insurance industries. Jack spent over five years as CISO for a Fortune 100 financial services company where his work was recognized at the 2006 RSA Security Conference with ISSA’s Excellence in the Field of Security Practices Award. In 2007 he was selected as a finalist for the Information Security Executive of the Year, Central United States. As an invited member of an international ISACA task force, Jack is helping to develop global standards for IT risk management in the enterprise. He also regularly speaks at national conferences and is the creator and author of Factor Analysis of Information Risk (FAIR).

Cisco has engaged Jack's company to analyze the risk reduction benefits of the Self Defending Network and provide insight into the value Cisco security controls provide to risk management programs.
