Here is a small sample of the great talks available to SIRA members. Become a paid SIRA member for only $50/year to show your support for the SIRA mission and get access to the full library of past SIRAcon and webinar recordings.
May 29, 2020 - IRIS 20/20 Deep Dive, Jay Jacobs and David Severski
The 2020 Information Risk Insights Study (IRIS 20/20) helps clear the fog of uncertainty surrounding cyber risk and helps managers see their way to better data-driven decisions. This ground-breaking study leverages a large dataset from Advisen Ltd. spanning tens of thousands of public breaches over the last decade. Cyentia’s extensive analysis of that dataset yields valuable insights about the frequency and financial impact of cyber incidents to organizations of all types and sizes.
In this SIRA-specific webinar with the Cyentia team you will gain an understanding of the key findings, how the IRIS 20/20 results can inform quantitative risk practices, and get a special deep dive into some of the models that are possible with this research. Whether you are just wanting to make better quick risk decisions based on possible losses or looking for better baselines for quantitative assessments, IRIS has something for you!
In IT security, there is a universal truth: we will always have more issues to deal with than we have time, people, and money. This perpetual shortage of resources means security leaders and their teams must continuously prioritize their risks and decide where to apply their limited resources. During this session, we will explore some of the challenges that make prioritizing issues difficult and how a simple principle introduced by 1900 century economist, Vilfredo Pareto, can be used to design an effective risk management process.
Does your organization use open source software? Do you understand the risks inherent in these dependencies and how they are being managed in your environment? After watching Equifax be compromised by an OSS vulnerability, how are you sleeping at night?
Presentation Slides: Down the open source rabbit hole.pptx
Many risk assessments use qualitative approaches which are resistant to detailed analysis. This session introduces an open source library for the R language for performing a repeatable quantitative risk management at a strategic level which organizations can use to start making real progress in increasing their risk management capabilities.
Presentation Slides: Severski - Evaluator.pptx
It is critical to measure the right things in order to make better-informed management decisions, take the appropriate actions, and change behaviors. But how do managers figure out what those right things are? Questions will be posed to help you set objectives for measurement in your organization.
Presentation Slides: Measuring what Matters.pptx
One of the classic complaints in performing risk analysis is the lack of data, or worse, the lack of "actuarial-quality data". This talk will explore data sources and walk through use cases of gathering the data, parsing and aggregating disparate data sources and continue through extracting and applying the information into your next risk analysis.
Presentation Slides: Data is everywhere.pdf
Probability estimates are the cornerstone of any good risk assessment in which data is sparse or expensive to come by, and are often thought of as one of the best ways to supplement existing information with subject matter expertise. Many risk analysts, however, can run into issues when trying to integrate the opinions of many subject matter experts into a risk management program. Some of these problems are: seemingly contradictory probability estimates, bias that can creep into results and the challenge of collecting and using large amounts of data.