Meet us at the following events to discover how a quantitative approach to cyber risk management enables effective decision-making.
Summary: Common cyber and technology risk measurement practices today are broken. The result is that organizations struggle to prioritize their risks they
- gain an understanding of what FAIR is,
- have an opportunity to apply it to analyze one (or more) risks.
Be forewarned though, some of what will be discussed will challenge conventional wisdom.
Who should attend
IT Leaders (CIOs/CTOs/
June 20 - 21, 2017 | Marriott Marquis | New York, NY
RiskLens is one of the sponsors of the event and will be present with several executives, including co-founder and President Steven Tabacek and CEO Nick Sanna, besides Jack Jones.
Join Jack Jones at the panel discussion on June 20th at 11:40 am titled "Quantifying cyber risk exposure"
- Using the standard Factor Analysis of Information Risk (FAIR) model for risk quantification and analysis
- Putting a price tag on enterprise-wide loss exposure
- Justifying the value of cybersecurity to management and the board
April 27 - 28, 2017 | Prince George Hotel | Halifax, Nova Scotia, Canada
Senior Risk Consultant Isaiah McGowan will be presenting on "Why risk is our bridge between security and business worlds" on April 28 from 10:00 AM to 10:45 AM.
Abstract: There is a need to make well-informed security decisions that align with business expectations. It’s always been there; we’re just more explicit about it today. This session focuses on a core tenet that bridges the gap in communication between security and business focuses: risk. Our most familiar approaches to risk measurement are failing us. What else is out there? And what are the implications for various security disciplines? We will dive into these topics and flesh out a way forward that aligns our security concerns with their business needs.
Jack will be presenting two sessions at the conference:
9:00 AM – 9:30 AM
Session 1 – Revisiting the Groundwork, Jack Jones
Within the information security and risk
In this first section, we’ll review some basic risk concepts and terminology, which will lay the foundation for everything that follows.
4:15 PM – 5:00 PM
Making the Case to Risk Management, Jack Jones
The primary reason for measuring risk is to help executives make well-informed business decisions.
That being the case, this final session of the day will focus on the challenges with, and practical approaches for, communicating risk analysis results to management. These tips can make the difference between glazed eyes and genuine interest by the executives whose decisions drive the risk condition of an organization.
Jack Jones will be presenting a session on 'The Characteristics of a Risk-aligned Leader'
8:00 AM - 10:00 AM
Jack Jones will be presenting a session on 'Tomorrow's Cyber-Risk Analyst' (PROF-W11)
2:45 PM - 3:30 PM
Abstract: As our industry evolves to better align with the needs of senior executives and boards of directors, the skills and characteristics of professionals need to evolve as well. In this session, Jack will describe what the next generation of cyber risk
9:00 AM - 10:00 AM
The combination of inherently limited risk management resources and an increasingly complex and dynamic risk landscape means that effective prioritization is crucial. Without it, organizations are unable to identify and resolve their most important issues, and will invariably waste resources and delay resolving important issues.
In this session, Jack Jones will highlight some of the key weaknesses in common (and even “best”) practices, as well as share insights and simple steps
9:00 AM - 5:00 PM
Hosted by the FAIR Institute, the FAIR Conference brings the foremost leaders in information risk management together to explore best FAIR practices that produce greater value and align IT with business goals.
Stay tuned for more details.
Jack Jones will be presenting on 'Changing Your Third Party Management Strategy for Cyber Security Risk and Compliance.'
3:00 PM - 5:00 PM
Audience members will
- Serious challenges to managing risk: Bald tires and space shuttle missions
- Quantitative vs. qualitative risk measurement — Correcting misperceptions and fallacies
- Factor Analysis of Information Risk (FAIR) — Understanding a simple and clear model for risk analysis
- Communicating third party risk effectively to the c-suite
- Prioritizing third party risk management efforts effectively
- Understanding the flaws with current third party cyber risk management methods
- How to manage third parties effectively by acting like a wolf hunting Caribou
Jack Jones will be delivering the keynote address titled 'Just Secure What?'
1:30 PM - 2:15 PM
- Jack will demonstrate the challenges faced by the information security profession.
- Share practical methods for overcoming them by leveraging the FAIR open standard.
CEO, Nick Sanna will be presenting on 'Valuing the Invaluable - Identify, Measure & Value Cyber Risk in Financial Terms.'
10:30 AM - 11:30 AM
- Learn to identify, measure and value individual risks as part of your risk management program.
- See cyber risk management software that is purpose-built on Factor Analysis of Information Risk (FAIR), the only international standard Value at Risk (VaR) model for cybersecurity and operational risk.
- Contact us to request a personal invitation to this exclusive, invite-only event.
11:25 AM - 12:15 PM
- Attendees will learn how measurement of cyber risk using analytics and reporting can help decision makers make more informed decisions regarding cyber risk management.
Insight gained from this approach will help provide a return on investment for cybersecurity budgets, prioritize cybersecurity projects/resources, and help determine appropriate capital reserves or determine insurance requirements.
Steve Tabacek will be co-presenting a session on 'Quantifying Cyber Security Risk in Dollars and Cents to Optimize Budgets' with Chris Cooper, VP, Operational Risk Officer, Reinsurance Group of America, Inc.
2:00 PM - 3:00 PM
- Attendees will learn how factor analysis of information risk (FAIR) can be used to quantify cyber risk in financial terms.
- Adopt business language that translates cyber security risks into executive- and board-understood terms.
Jack Jones will be participating in several sessions throughout the day. His first presentation will be a session on 'Setting the Stage: What is Risk Anyway? Ending the Confusion'
8:15 AM – 9:00 AM
- Attendees will gain clarification about risk, hear examples of what’s making it so confusing, and learn what can happen if the confusion is not alleviated.
- Learn a clear, meaningful, and practical set of definitions and concepts that can fundamentally change the risk dialog in your organization.
- Learn how to consistently normalize risk terminology and concepts within your organization.
- Gain an improved ability to “drill into” and evaluate someone else’s statements about risk.
Jack will also be presenting on the topic of '3 Common Risk Management Pitfalls and Challenges'
10:15 AM – 11:15 AM
- Learn the most common reasons why organizations struggle to manage information security risk effectively.
- Learn the simple steps for recognizing, avoiding, and correcting common risk management mistakes where you work.
- Understand when compliance helps and hurts a security program.
- Learn why most risk management maturity models miss the point and don’t measure maturity effectively.
Jack will also be co-presenting with Evan Wheeler, DTCC, and Ron Woerner, Director Cybersecurity Studies, Bellevue University on '5 Risk Measurement and Communication: Triage Exercise'
1:30 PM – 3:15 PM
- Prioritization is one of the most important, and challenging, components of risk management. In this session we’ll share and practice applying methods for triaging things like policy exceptions, audit findings, and vulnerability scan results.
- Explore and practice using common risk management methodologies including FAIR and the NIST Risk Management Framework (RMF). These enable you to identify, measure, and prioritize security risks to your organizational infrastructure.
- Sample tools and methods for documenting and communicating risks in your organization.
- Gain hands-on experience quickly sifting through the noise and identifying the exposures that matter most.
March 15-16, 2016 | New York Marriott Marquis
RiskLens will be exhibiting at the Cyber Risk North America Forum and participate on a panel on prioritizing cyber risk prevention initiatives.
Feb 29-Mar 4, 2016 | Moscone Center San Francisco
Jack Jones will be presenting a session on 'How
Scheduled Date: 03/02/2016 - 10:20 AM - 11:10 AM
Abstract: Infosec maturity models abound, and although they provide some value, they completely ignore fundamental elements that ultimately determine whether an infosec program is mature -- or not. In this
Follow-on Discussion: 03/02/2016 - 4:30 PM- 5:20 PM
Abstract: Continue the How Infosec Maturity Models Are Missing the Point conversation in a smaller group discussion and Q&A with the presenter. This session will be discussion based—no new slides will be presented. This session is limited to 50 attendees.
Jack Jones will be participating in a panel discussion on 'Habits of an Effective CISO.' (GRC-R02)
Scheduled Date: 03/03/2016 - 8:00 AM- 8:50 AM
Short Abstract: With less time and more responsibilities, how does an effective CISO manage? Three leading CISOs will share their strategies for success.
Ben Rothke, Senior eGRC Consultant, The Nettitude Group
Phil Agcaoili, Chief Information Security Officer, Elavon
Roland Cloutier, VP & CISO, ADP, Inc.
Jack Jones, EVP Research & Development, RiskLens
Jack Jones will be participating in a panel discussion on 'Aligning and Prioritizing Risk Efforts Across the Enterprise' (GRC-F03)
Scheduled date: 03/04/2016 at 11:20 AM- 12:10 PM
Short Abstract: The responsibility for managing risk rests within many parts of the organization (e.g., audit, security, compliance, etc.). Unfortunately, very often these efforts are redundant or contradictory. In this session, learn how these groups can work together to minimize confusion and “religious” debates in order to better evaluate risk and prioritize in a consistent, efficient, and aligned manner.
Jack Jones, EVP Research & Development, RiskLens
Maria Shaw, VP, IT Risk Management, McKesson
Tess Martillano, MD, IRM Enterprise Services & CIRO, Latin America & the Caribbean, BNY Mellon
Evan Wheeler, Executive Director, Operational Risk Management, DTCC
Isaiah McGowan will present a session on 'Steps to Success - Lessons Learned on Successfully Adopting OpenFAIR'
Abstract: In the two years since
This session will explore key attributes of a successful OpenFAIR implementation, pitfalls to avoid when adopting OpenFAIR, and examples of how OpenFAIR can help mature virtually any risk program.
Steven Tabacek will be participating in a panel discussion on 'Trends in Cybersecurity'
04:00 - 06:00 pm
Come listen to a panel of
October 8 - 9, 2015 | Detroit, MI
RiskLens will be attending the annual conference
August 3 - 4, 2015 | Buffalo, NY
Jack Jones and Chad Weinman will be participating in the annual private IT risk management event. This is the third year we have been involved.
April 26 - 29, 2015 | New Orleans, LA
CXOWARE will be at the RIMS 2015 Conference exhibiting its innovative cyber risk quantification solution RiskCalibrator at the ABA Risk Management Forum in New Orleans, LA.
April 22 - 23, 2015 | Cambridge, MA
Steve Tabacek will be presenting “Translating Propeller-Head Cyber Risk Information for the Board and Executive Management” on Thursday at
April 20 - 24, 2015 | Moscone Center | San Francisco, CA
Jack Jones will be presenting “Misinforming Management” on Thursday at
On Thursday from 1:30 –
April 14 - 17, 2015 | St. Louis, MO
CXOWARE will be exhibiting its innovative cyber risk quantification solution RiskCalibrator at the ABA Risk Management Forum in St. Louis, MO.