Cyber risk management has steadily earned a place in board-room discussions across enterprises. An organization's size, sector or maturity no longer decides whether it should perform risk assessments: they are a mandatory exercise driven by internal, business and external triggers. Major industry regulations and Information Security Management Systems treat risk management as the first step toward identifying, prioritizing and operationalizing cyber security practices across the organization.
Over the years, several formal IT risk-assessment frameworks have emerged to guide security and risk executives through the process. Most qualitative frameworks multiply ordinal RAG (Red, Amber, Green) ratings assigned to risk factors such as likelihood and impact and arrive at a risk score that is open to interpretation. However, most qualitative frameworks cannot model risk. Organizations that aim to model risk mathematically and arrive at loss estimates in dollar terms adopt quantitative risk assessment methods.
This session will focus on the following aspects of risk management:
— Regulations, standards and industry triggers that mandate risk assessments
— Popular risk assessment methodologies and techniques that organizations implement
— Quantitative and Qualitative approaches to risk management
— Use of automation and GRC solutions for the management of risk assessments
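To make the contrast between the qualitative and quantitative approaches concrete, here is an added illustration that is not part of the session abstract or the speaker's material. It compares an ordinal RAG product score with a dollar-valued loss estimate (ALE = SLE x ARO, plus a Monte Carlo annual-loss distribution); the RAG mapping, loss ranges and event rates are constructed assumptions.

```python
import math
import random
from statistics import mean

# Ordinal RAG scale as used by many qualitative frameworks (constructed mapping)
RAG = {"Green": 1, "Amber": 2, "Red": 3}


def qualitative_score(likelihood: str, impact: str) -> int:
    """Qualitative approach: multiply ordinal likelihood by ordinal impact.
    The product only ranks risks; it has no units, so it cannot be summed
    across risks or converted into an expected loss."""
    return RAG[likelihood] * RAG[impact]


def annualized_loss_expectancy(single_loss_usd: float, annual_rate: float) -> float:
    """Quantitative point estimate: ALE = SLE (loss per event) x ARO (events/year)."""
    return single_loss_usd * annual_rate


def _poisson(rng: random.Random, lam: float) -> int:
    """Sample an event count from Poisson(lam) (Knuth's method, no numpy needed)."""
    limit, k, p = math.exp(-lam), 0, 1.0
    while True:
        p *= rng.random()
        if p <= limit:
            return k
        k += 1


def simulate_annual_loss(loss_low: float, loss_high: float, annual_rate: float,
                         trials: int = 10_000, seed: int = 1) -> dict:
    """Monte Carlo annual loss: Poisson number of events per year, each event
    costing a uniform amount between loss_low and loss_high (constructed model).
    Returns the mean and the 90th-percentile annual loss in dollars."""
    rng = random.Random(seed)
    totals = []
    for _ in range(trials):
        events = _poisson(rng, annual_rate)
        totals.append(sum(rng.uniform(loss_low, loss_high) for _ in range(events)))
    totals.sort()
    return {"mean": mean(totals), "p90": totals[int(0.9 * trials)]}


if __name__ == "__main__":
    # Two risks with the same RAG product but very different dollar exposure.
    print("RAG score (Red x Amber):", qualitative_score("Red", "Amber"))
    print("ALE ransomware  $:", annualized_loss_expectancy(250_000, 0.4))
    print("ALE lost laptop $:", annualized_loss_expectancy(5_000, 2.0))
    print("Simulated ransomware year:", simulate_annual_loss(100_000, 400_000, 0.4))
```

The simulation's mean converges on the ALE point estimate, while the p90 shows the tail that a single ordinal score cannot express.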
Speaker Profile: Shashanko Roy is a Director in KPMG’s Advisory Services practice with more than 16 years of management advisory and business experience. He has considerable project and program management experience with Archer GRC and ServiceNow GRC implementations.