Course Agenda

Day 1 - Wednesday 26th September 2018

09:00

Registration and refreshments

09:30

Goals of cyber risk management

  • Introductions and listing of cyber risk concerns by attendees
  • What is risk management and why do we do it?
  • How cyber fits into the risk management paradigm
  • Regulatory overview & supervisory focus
  • Defining the 3 basic assets (Data Availability, Data Integrity, Data Security)
  • Risk-based approaches to enable better calculation of return on security investments
  • The challenges of cyber risk in the increasingly regulated world

Speaker: Michael Barton, Director of Op Risk Quantification & Scenario Analysis, AIG

11:00

Morning break

11:30

Technological Tools for Cyber Risk 

  • Machine learning, big data & AI in banking, risk management & modelling
  • New vulnerabilities
  • Cyber risk and relation to other risks
  • Ways to address

Speaker: Bernhard Hientzsch, Head of Model, Library and Tools Development in Advanced Technologies for Modeling, Corporate Model Risk, Wells Fargo

13:00

Lunch

14:00

Modeling Cyber Risk 

  • Can risk models accurately capture cyber risk? 
  • How to apply stress testing and scenario analysis to cyber risk
  • Should you use the same cyber scenarios annually?
  • Best practice for combining cyber scenarios with macro scenarios

Speaker: Manan Rawal, EVP – US Head of Model Risk Management, HSBC

15:30

Afternoon break

16:00

Quantifying Cyber Risk - FAIR Models

  • Why should we quantify risk in dollars?
  • What are the flaws of traditional “risk rating” methods?
  • How do you identify scenarios for FAIR analysis?
  • What is the FAIR Model and how does it work?
  • How are calibrated estimation and Monte Carlo simulation used in FAIR analyses?
  • What do the results of FAIR analysis tell us?

Short Break 

  • Live case study demonstration
  • Where can I go for more information on FAIR?

Speaker: David Musselwhite, Risk Consultant & Head of Training, RiskLens

17:45

End of day one

Day 2 - Thursday 27th September 2018

09:00

Refreshments

09:30

Qualitative approaches to cyber risk

  • Organisational challenges & governance structure
  • Checklists
  • Operational steps
    • Patch management
    • Business continuity
    • Crisis management
  • Audits
  • Model risk management of the approaches

Speaker: Dennis Bennett, CEO, Model Risk Managers International Association (MRMIA)

11:00

Morning break

11:30

Third Party Vendor Risk & Insurance Assessment

  • Insurance assessment for cyber risk
  • How can we underwrite cyber risk?
  • Integrating information security function and fraud detection
  • Conducting incident exercises
  • Data breach-related fraud prevention: how can we authenticate?
  • Vendor stratification to mitigate risk
  • Fourth party vendor risk?

Speaker: Rocco Grillo, Executive Managing Director, Global Leader Cyber Resilience Services, Stroz Friedberg

13:00

Lunch

14:00

Connectivity between Cyber Risk Management & Op Risk Management

  • Cyber as an “operational risk”
  • People, process AND technology
  • Building a coalition of the willing through a common language
  • Decision making, business continuity and resilience
  • The people challenge
  • A human response
  • The role of creativity
  • The innovation challenge

Speaker: Aengus Hallinan, Managing Director, Group Head of Operational Risk Management, Credit Suisse

15:30

Afternoon break

16:00

Methodology for quantification of Cybersecurity Risk

  • Loss Distribution Approach
  • Cyber VaR
  • Structured Scenario Analysis

Speaker: Ashish Dev, Principal Economist, The Federal Reserve Board 

17:30

End of course