Policy Implications of Faulty Cyber Risk Models and How to Fix Them
Offered By: Black Hat via YouTube
Course Description
Overview
Explore the critical impact of accurate cyber risk data on security policies in this 46-minute Black Hat conference talk. Delve into a data-driven analysis of historical cyber incidents, focusing on events affecting multiple organizations. Examine the frequency and economic costs of cyber events, challenging common assumptions about breach likelihood and losses. Investigate how misunderstandings of incident propagation across supply chains can hinder effective third-party risk management. Consider the potential for an inter-organizational approach to security policies and practices. Learn how studying past events can inform future risk appetite and cyber insurance decisions. Evaluate the consequences of poor risk data on regulatory and compliance requirements. Gain insights from speakers Wade Baker and David Severski on improving cyber risk models and their policy implications.
Syllabus
Introduction
About Cyentia
Myth
Cost
Cost Per Record
Cost Per Revenue
Frequency
Policy Implications
How do we replace cost per record
Losses are disproportionate
Ripples Across the Risk Surface
American Medical Collections Agency breach
How common are these types of incidents
The iceberg
The ripple effect
Multiparty losses
Hat Tip
How can we fix it
Collect better data
Conduct better research
Taught by
Black Hat