Applying Quantification to NISTIR 8286

Speaker

Instructor: Denny Wan
Product ID: 706617
Training Level: Intermediate

Location
  • Duration: 120 Min
NISTIR 8286 is blueprint for connecting cybersecurity to Enterprise Risk Management (ERM). This webinar explains the core concepts and practices in NISTIR 8286 by applying it to the Australia cyber security regulatory framework, APRA CPS 234, as a case study.
Purchase option for this webinar is currently unavailable. Please contact our Customer Care for more info. Webinar All Access Pass Subscription

 

Customer Care

Fax: +1-650-362-2367

Email: [email protected]

Read Frequently Asked Questions

Why Should You Attend:

The NISTIR 8286 describes the process of developing a cyber risk management program from the enterprise risk register. It can assist business boards to assess the sufficiency of their cyber risk programs. This webinar explains how to apply the NIST standard NISTIR 8286 to address this requirement through step-by-step instructions and practical hands-on examples using the Australian regulatory framework, APRA CPS 234, as a case study.

  1. Do you need to explain sufficiency of the cyber risk program to the board?
  2. Is your cyber risk program part of ERM and managed according to the corporate risk appetite statement?
  3. Are you confident your supplier is compliant with your CPS 234 obligations?
  4. Do you want to learn how to drive 'good risk' to deliver tangible value from the cyber risk program?
  5. Want to learn how to transition from qualitative risk analysis to quantitative risk analysis in order to measure sufficiency of the cyber risk program.

By attending this webinar, you will learn the key concepts to address the above cyber risk management challenges through step-by-step instructions and practical hands on examples.

Areas Covered in the Webinar:

  • The history and structure of APRA CPS 234 standard
  • Mapping to guidance in APRA CPG 234
  • Reporting and notification requirements
  • Materiality considerations
  • 3rd party service providers compliance requirements
  • Introduction to NISTIR 8286 - connecting cybersecurity to Enterprise Risk Management (ERM)
  • Managing cyber risks in accordance with Risk Appetite Statements
  • Understand Risk Appetite and Risk Tolerance
  • Quantifying Risk Appetite Statement using the Open Group FAIR Cyber Risk Quantification framework
  • Practical case studies

Who Will Benefit:

  • Chief Risk Officer (CRO)
  • Chief Information Officer (CIO)
  • Chief Information Security Officer (CISO)
  • IT Manager
  • IT Risk Manager
  • IT Risk Analyst
  • IT Auditor
  • IT security administrator
  • Supply Chain Risk Manager
  • Risk Compliance Officer
Instructor Profile:
Denny Wan

Denny Wan
Founder and Co-chair, FAIR Institute

Denny Wan is a recognized cyber security expert specializing in the NIST endorsed Open Group FAIR (Factor Analysis of Information Risk) cyber risk quantification framework. He is a certified ISO27001 Lead Auditor, PCI QSA and CISSP. FAIR analysis expresses cyber risk in financial terms, enabling the business board to assess the sufficiency of their security capabilities as required under APRA CPS 234. Denny extends his FAIR experts to apply to the NISTIR 8286 standard, empowering risk managers to connect cybersecurity to Enterprise Risk Management. This approach is also useful for managing 3rd party supplier risks under APRA CPS 234. He is the founder and co-chair of the Sydney Chapter of the FAIR Institute and Australian. His expertise in IT security audit and cyber risk quantification enables him to create a balanced approach in tackling the compliance challenge of APRA CPS 234 from a business perspective.

Follow us :

 

More Training By Experts

 

 

Refund Policy

Our refund policy is governed by individual products and services refund policy mentioned against each of offerings. However in absence of specific refund policy of an offering below refund policy will be effective.
Registrants may cancel up to two working days prior to the course start date and will receive a letter of credit to be used towards a future course up to one year from date of issuance. ComplianceOnline would process/provide refund if the Live Webinar has been cancelled. The attendee could choose between the recorded version of the webinar or refund for any cancelled webinar. Refunds will not be given to participants who do not show up for the webinar. On-Demand Recordings can be requested in exchange. Webinar may be cancelled due to lack of enrolment or unavoidable factors. Registrants will be notified 24hours in advance if a cancellation occurs. Substitutions can happen any time. On-Demand Recording purchases will not be refunded as it is available for immediate streaming. However if you are not able to view the webinar or you have any concern about the content of the webinar please contact us at below email or by call mentioning your feedback for resolution of the matter. We respect feedback/opinions of our customers which enables us to improve our products and services. To contact us please email [email protected] call +1-888-717-2436 (Toll Free).

 

 

+1-888-717-2436

6201 America Center Drive Suite 240, San Jose, CA 95002, USA

Follow Us

facebook twitter linkedin youtube

 

Copyright © 2023 ComplianceOnline.com MetricStream
Our Policies: Terms of use | Privacy

PAYMENT METHOD: 100% Secure Transaction

payment method