Course Agenda

Agenda

Cyber Risk & Modeling Methodologies

Day 1 - Thursday 28th March

09:00

Registration and refreshments

09:30

Cyber Risk Management

  • Where cyber fits into enterprise risk management
  • Current trends in cyber risk management
  • Cyber, privacy and compliance risk in an increasingly regulated world
  • Tools for assessing and quantifying cyber risk
  • Cyber risk management strategies – 3 examples (healthcare, retail, manufacturing)

Ben Goodman, Founder, 4a Security & Compliance

11:00

Morning break

11:30

Risk process - Scenario Design and Analysis 

  • Scoping scenarios for analysis 
  • Collecting data and making estimates 
  • Applying stress testing and scenario analysis to cyber risk 
  • Presenting results and communicating about risk to decision-makers

Evan Sekeris, Partner, Oliver Wyman & Ramy Farha, Partner, Oliver Wyman

13:00

Lunch

14:00

CASE STUDY –   Measuring the Cyber Risk of an Insurance Company

  • The original problem statement - Validating the model
  • The original approach - Working with ordinal and interval scales
  • Cyber risk identification, analysis and prioritization
  • The original answer
  • Restating the problem
  • A different approach (with Monte Carlo Simulation)
  • A different answer
  • Measuring cyber risk

Ben Goodman, Founder, 4a Security & Compliance

15:30

Afternoon break

16:00

CASE STUDY: Quantifying & Visualising Cyber Risk

  • Defining cyber risk
  • Using a quantifiable model
  • Defining measurement, accuracy and precision
  • Accuracy vs. Precision
  • Establishing and implementing effective cyber risk dashboards

Jeff Welgan, Head of Executive Training Programs, CyberVista

17:30

End of day one

Day 2 - Friday 29th March

Day two will be led by:
Michael Barton, Director of Quantitative Assessments, United Health Group and Anthony Shapella, Managing Director, AIG

Joined by Marc Light from Bitsight Technologies to lead a case study on third- party vendor risk

 

09:00

Refreshments

09:30

Risk management & quantification - portfolio view

  • Review of assessing individual risk for own risk management purposes 
  • Moving towards a portfolio view - how do you assess risk in aggregate? 

11:00

Morning break

11:30

Case study: Taking third-party vendor risk from individual to portfolio level

  • Using data to assess the risk of a single vendor
  • Assembling risk data for a portfolio of vendor companies 

Marc Light, Bitsight Data & Research, Bitsight Technologies

13:00

Lunch

14:00

Case study: Portfolio risk

  • Methods to identify and address riskiest pockets of the portfolio 
  • Adjustments of overall risk view in light of portfolio risk reduction

15:30

Afternoon break

16:00

Portfolio modeling and individual risk

  • If you know what insurance companies are looking for to underwrite risk, what can that help you do to become a better risk? 
  • Organizational/risk management structures that are more favorable risks
  • Favorable controls 
  • Partnering that can be done to combat the wider risk

17:30

End of course