Math Is Hard - Compliance to Continuous Risk Management

Explore a comprehensive conference talk on transitioning from compliance-based approaches to quantitative risk management in cybersecurity. Learn how to design and implement a strategic risk management framework, gain management buy-in, and integrate mature assessment, monitoring, and risk processes. Discover methods for continuous monitoring, metric selection, and effective reporting at analyst, management, and executive levels. Examine the evolution of risk analysis, including mathematically-sound risk matrices and quantitative risk methods. Gain insights into control mapping for gap analysis and access a quick start guide to risk management. Benefit from recommended readings and publicly available data sources to enhance your organization's cybersecurity posture and create a culture of continuous risk awareness.

Intro
Lord Kelvin
Goals of Risk Management
Common Issues to Avoid
Implementing Continuous Monitoring
Continuous Monitoring Metric Selection
Analyst Level Reporting
Management Level Reporting
Executive Level Reporting
Evolution of Risk Analysis
Mathematically-Sound Risk Matrix
Semi-Quantitative Risk Matrix
Quantitative Risk Method
Quantitative Example
Control Mapping for Gap Analysis
Quick Start Guide to Risk Management
Recommended Reading
Publicly Available Data Sources
RSAConference 2019 San Francisco March 4-8 Moscone Center