Too often is cybersecurity either "tool driven" or purely "capability driven." Taking a risk based approach provides a more precise and cost effective approach to building and executing cybersecurity programs. There is also confusion about what "cyber risk" is, how to measure it, how to govern it, and how to communicate it effectively to executives such as the Board. This webinar presents some perspectives on taking such as risk centric approach, defining a framework to measure it using key risk indicators (KRIs) and key performance indicators (KPIs). It also talks about the ingredients of what a communication to the Board could look like.
- Definitions of Cyber risk
- Risk appetite framework
- Risk measurement - KRIs and KPIs