SIRACon2018 took place on February 7-8 2018 in Seattle. SIRA members have access to conference videos as soon as they are available, access to non-members is granted in the months preceding the following conference.

SIRA thanks our 2018 host, Starbucks, for making their awesome venue available for the event. The recordings posted below would not look as good without the help from Starbucks' great AV staff and their equipment.

You are welcome to see the conference program with talk abstracts, and the recorded talks listed in the order they were presented. 



SIRACon2018 - Kymberlee Price - Down the open source rabbit hole

Down the open source software rabbit hole – Kymberlee Price . Does your organization use open source software? Do you understand the risks inherent in these dependencies and how they are being managed in your environment? After watching Equifax be compromised by an OSS vulnerability, how are you sleeping at night?


SIRACon2018 - David Severski - Evaluator – Open source quantitative risk

Many risk assessments use qualitative approaches which are resistant to detailed analysis. This session introduces an open source library for the R language for performing a repeatable quantitative risk management at a strategic level which organizations can use to start making real progress in increasing their risk management capabilities.


SIRACon2018 - Lisa Young - Measuring what Matters

It is critical to measure the right things in order to make better-informed management decisions, take the appropriate actions, and change behaviors. But how do managers figure out what those right things are? Questions will be posed to help you set objectives for measurement in your organization.



SIRACon2018 - Jay Jacobs - Data is everywhere.

One of the classic complaints in performing risk analysis is the lack of data, or worse, the lack of "actuarial-quality data". This talk will explore data sources and walk through use cases of gathering the data, parsing and aggregating disparate data sources and continue through extracting and applying the information into your next risk analysis.

Slides - SIRAcon2018 - Jacobs - Data is everywhere.pdf




SIRACon2018 - Apolonio Garcia - The Art of Metrology

In business, an organization's ability to manage risk (combine sometimes with good ol' fashioned luck) can be the difference between profit and loss, or growth and bankruptcy. But the old adage "you can’t manage what you don't measure" is now more real than ever, especially as our data-hungry decision-makers struggle to understand their information and cybersecurity risk. This is where risk metrology can play a role.



SIRACon2018 - Tony Martin-Vegue - Crowdsourced probability

Probability estimates are the cornerstone of any good risk assessment in which data is sparse or expensive to come by, and are often thought of as one of the best ways to supplement existing information with subject matter expertise. Many risk analysts, however, can run into issues when trying to integrate the opinions of many subject matter experts into a risk management program. Some of these problems are: seemingly contradictory probability estimates, bias that can creep into results and the challenge of collecting and using large amounts of data.

Slides - SIRAcon2018 - Martin-Vegue - Crowdsourced probability estimates.pptx

© Society of Information Risk Analysts 2018, a 501(c)6 non-profit organization.

Powered by Wild Apricot Membership Software