Implementing a Quantitative Cyber-Risk Framework - A FinSrv Case Study

Explore a comprehensive quantitative cyber-risk framework implemented by TIAA in this 48-minute conference talk from RSA Conference. Dive into the scalable framework that bridges granular assessments with business-level aggregate risk reporting. Learn about policy development, standards implementation, configuration baselines, risk quantification techniques, and integration with operational risk management (ORM) and enterprise risk management (ERM) processes. Discover how to effectively engage with project lifecycles and avoid common pitfalls in cyber risk management. Gain insights into the relationship between risk assessment and management action, and acquire practical tools and techniques to implement in your organization. Follow the journey from the framework's inception to its practical application, including discussions on risk appetite reporting, operational risk integration, and the history of cyber risk quantification. Walk away with key takeaways to enhance your organization's cyber risk management strategy.

Intro
Impetus for Cyber Risk Framework
Overview of Cyber Risk Framework
Control Framework Overview
Authoritative Sources
IT Risk Central Overview
Risk Assessment Process, Scope, & Metrics
Application Risk Assessment Details
Infrastructure Risk Assessment Details
Risk Ratings - Translating Quant to Action
Aggregate Risk Appetite Reporting using LECS
OpRisk Integration
History of Cyber Risk Quant
Quant Cyber Risk Justification
Key Takeaways and Application