How to Identify Key Risk Indicators (KRIs) for Cybersecurity with Marta Palanques, Steve Reznik, ADP
In this video from the 2018 FAIR Conference, Steve Reznik, Director, Operational Risk Management and Marta Palanques, Director, Enterprise Risk Management for ADP, one of the most advanced quantitative cyber risk management shops, show how to identify and track key risk indicators (KRIs) over time to judge the real success of your inforisk management efforts.
As Marta says, “You can’t be running simulations every day. That’s not practical or useful…KRIs should be helping you figure out if anything has significantly changed since the last time you made a decision, for good and for bad.”
Don’t confuse KRIs with other cybersecurity metrics like unpatched servers, audited vendors or NIST CSF efficacy level, Steve and Marta warn. KRIs should be directly tied to your loss exposure: by adjusting the factors up or down in the FAIR model, you should be able to see the potential loss exposure change.
ADP uses the RiskLens Cyber Risk Quantification Platform for FAIR analysis. Steve and Marta demonstrated a case study that used the platform's Sensitivity Analysis function to tweak the factors and see the effect on a baseline loss exposure. For instance, a decrease of one percent in vulnerability would reduce loss exposure by the same amount as responding to an incident 10% faster.
“Sometimes this is eye opening in what is the best strategy to reduce a particular risk,” says Marta. “At the end of the day, the question is which of these risk factors could put you above your tolerance line and those are the ones you want to report on” – your cybersecurity KRIs.
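The selection step described above can be sketched as a one-at-a-time sensitivity check: move each factor alone to a plausible adverse value and see which ones push exposure past the tolerance line. This is an added example, not ADP's or RiskLens's code; it uses a simplified expected-value model rather than a simulation, and every factor name, figure and the tolerance value is a constructed assumption.

```python
# Simplified expected-value FAIR-style model; all figures are constructed.
BASELINE = {
    "tef": 12.0,               # threat event frequency, attempts per year
    "vulnerability": 0.10,     # share of attempts that become loss events
    "response_hours": 40.0,    # mean time to contain a loss event
    "cost_per_hour": 5_000.0,  # loss accruing per hour until containment
    "fixed_loss": 300_000.0,   # per-event loss independent of response time
}
# Plausible adverse value for each factor over the reporting period (assumed).
WORST_CASE = {
    "tef": 18.0,
    "vulnerability": 0.12,
    "response_hours": 72.0,
    "cost_per_hour": 6_000.0,
    "fixed_loss": 350_000.0,
}
TOLERANCE = 750_000.0  # annual loss exposure the business accepts (assumed)


def annual_loss(f):
    """Loss event frequency (TEF x vulnerability) times loss magnitude."""
    lef = f["tef"] * f["vulnerability"]
    magnitude = f["fixed_loss"] + f["response_hours"] * f["cost_per_hour"]
    return lef * magnitude


def sensitivity(baseline, worst_case, tolerance):
    """Move one factor at a time to its adverse value; rank by exposure."""
    base = annual_loss(baseline)
    rows = []
    for name, adverse in worst_case.items():
        exposure = annual_loss(dict(baseline, **{name: adverse}))
        rows.append({
            "factor": name,
            "exposure": exposure,
            "change_pct": 100.0 * (exposure - base) / base,
            "breaches": exposure > tolerance,
        })
    return sorted(rows, key=lambda r: r["exposure"], reverse=True)


def kri_candidates(baseline, worst_case, tolerance):
    """Factors that, on their own, can push exposure above tolerance."""
    return [r["factor"] for r in sensitivity(baseline, worst_case, tolerance)
            if r["breaches"]]


if __name__ == "__main__":
    for r in sensitivity(BASELINE, WORST_CASE, TOLERANCE):
        flag = "ABOVE TOLERANCE" if r["breaches"] else "within tolerance"
        print(f'{r["factor"]:<15}{r["exposure"]:>12,.0f}{r["change_pct"]:>+8.1f}%  {flag}')
```

With these constructed inputs, vulnerability does not breach the tolerance line on its own even though it scales loss linearly, while threat event frequency and response time do.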
Video: How to Identify Key Risk Indicators (KRIs) for Cybersecurity with Marta Palanques, Steve Reznik, ADP, from the FAIR Institute channel