Applying Quantification to APRA CPS 234


Instructor: Denny Wan
Product ID: 706616
Training Level: Intermediate

  • Duration: 120 Min
APRA CPS 234 demands managing cyber risk under Enterprise Risk Management (ERM). This webinar explains how to apply NISTIR 8286, connecting cybersecurity to ERM, to address this requirement.
Purchase option for this webinar is currently unavailable. Please contact our Customer Care for more info. Webinar All Access Pass Subscription


Customer Care

Fax: +1-650-362-2367

Email: [email protected]

Read Frequently Asked Questions

Why Should You Attend:

  1. Do you need to explain sufficiency of the cyber risk program to the board?
  2. Is your cyber risk program part of ERM and managed according to the corporate risk appetite statement?
  3. Are you confident your supplier is compliant with your CPS 234 obligations?
  4. Do you want to learn how to drive 'good risk' to deliver tangible value from the cyber risk program?
  5. Want to learn how to transition from qualitative risk analysis to quantitative risk analysis in order to measure sufficiency of the cyber risk program.

By attending this webinar, you will learn the key concepts to address the above cyber risk management challenges through step-by-step instructions and practical hands on examples.

APRA CPS 234 makes business boards responsible for the sufficiency of their cyber risk programs. This regulatory requirement compels boards to include cyber risk management as part the Enterprise Risk Management (ERM) programs. This webinar explains how to apply the new NIST standard NISTIR 8286, connecting cybersecurity to ERM, to address this requirement through step-by-step instructions and practical hands- on examples.

Areas Covered in the Webinar:

  • The history and structure of APRA CPS 234 standard
  • Mapping to guidance in APRA CPG 234
  • Reporting and notification requirements
  • Materiality considerations
  • 3rd party service providers compliance requirements
  • Introduction to NISTIR 8286 - connecting cybersecurity to Enterprise Risk Management (ERM)
  • Managing cyber risks in accordance with Risk Appetite Statements
  • Understand Risk Appetite and Risk Tolerance
  • Quantifying Risk Appetite Statement using the Open Group FAIR Cyber Risk Quantification framework
  • Practical case studies

Who Will Benefit:

  • Chief Risk Officer (CRO)
  • Chief Information Officer (CIO)
  • Chief Information Security Officer (CISO)
  • IT Manager
  • IT Risk Manager
  • IT Risk Analyst
  • IT Auditor
  • IT security administrator
  • Supply Chain Risk Manager
  • Risk Compliance Officer
Instructor Profile:
Denny Wan

Denny Wan
Founder and Co-chair, FAIR Institute

Denny Wan is a recognized cyber security expert specializing in the NIST endorsed Open Group FAIR (Factor Analysis of Information Risk) cyber risk quantification framework. He is a certified ISO27001 Lead Auditor, PCI QSA and CISSP. FAIR analysis expresses cyber risk in financial terms, enabling the business board to assess the sufficiency of their security capabilities as required under APRA CPS 234. Denny extends his FAIR experts to apply to the NISTIR 8286 standard, empowering risk managers to connect cybersecurity to Enterprise Risk Management. This approach is also useful for managing 3rd party supplier risks under APRA CPS 234. He is the founder and co-chair of the Sydney Chapter of the FAIR Institute and Australian. His expertise in IT security audit and cyber risk quantification enables him to create a balanced approach in tackling the compliance challenge of APRA CPS 234 from a business perspective.

Follow us :


More Training By Experts



Refund Policy

Our refund policy is governed by individual products and services refund policy mentioned against each of offerings. However in absence of specific refund policy of an offering below refund policy will be effective.
Registrants may cancel up to two working days prior to the course start date and will receive a letter of credit to be used towards a future course up to one year from date of issuance. ComplianceOnline would process/provide refund if the Live Webinar has been cancelled. The attendee could choose between the recorded version of the webinar or refund for any cancelled webinar. Refunds will not be given to participants who do not show up for the webinar. On-Demand Recordings can be requested in exchange. Webinar may be cancelled due to lack of enrolment or unavoidable factors. Registrants will be notified 24hours in advance if a cancellation occurs. Substitutions can happen any time. On-Demand Recording purchases will not be refunded as it is available for immediate streaming. However if you are not able to view the webinar or you have any concern about the content of the webinar please contact us at below email or by call mentioning your feedback for resolution of the matter. We respect feedback/opinions of our customers which enables us to improve our products and services. To contact us please email [email protected] call +1-888-717-2436 (Toll Free).




6201 America Center Drive Suite 240, San Jose, CA 95002, USA

Follow Us

facebook twitter linkedin youtube


Copyright © 2023 MetricStream
Our Policies: Terms of use | Privacy

PAYMENT METHOD: 100% Secure Transaction

payment method