The FAIR Institute Blog

Live Chat: 4 Steps to Build a Future-Proof Cyber Risk Management Program

Written by Jeff B. Copeland | Nov 14, 2024 7:21:31 PM

Join us Thursday, January 16, 2025, at 11:00 AM ET/8:00 AM PT for a live chat with the authors of Building a Cyber Risk Management Program:

>>Brian Allen, SVP, Emerging Technology Risk Management for BITS, Bank Policy Institute; former  CSO, Time Warner Cable (right in the photo) and

>>Brandon Bapst, Cyber Risk Advisor, EY (left) 

Register now

Get your questions answered on launching and growing a cyber risk management program (CRMP) that leverages quantitative risk analysis and grows into, as Brian Allen says, “a living, breathing, moving” program that stays ahead of the fast pace of business transformation in what they call the “Fourth Industrial Revolution.”

Brian and Brandon presented on “Developing an Effective Cyber Risk Management Program in Today's Digital Landscape” at the 2024 FAIR Conference.

>>Watch the video of their FAIRCON session now

>>Come back on January 16 for the live chat – register now.  

Discuss Four Key Milestones for a Dynamic Cyber Risk Management Program

Brian and Brandon will cover trends altering the requirements for cyber risk oversight, including regulatory (SEC materiality disclosure rules, for instance), high-profile court cases (Boeing aircraft liability), influential authorities (NACD), and evolving frameworks from NIST and ISO.

They argue that a new framework is needed for cyber risk management programs, with four components.

  1. Agile Governance, built to adjust to rapid change, bringing together corporate management, internal audit under the guidance of an overall governing body, and following seven principles that define roles and responsibilities.
  2. Risk Informed System, a process for risk reporting built on five principles for defining methodology and processes (FAIR fits here).
  3. Risk-based Strategy and Execution, defining and communicating risk appetite and tolerance to achieve effective prioritization. They suggest four guiding principles here as well.
  4. Risk Escalation and Disclosure – for the obstacle course that so many high-profile companies have run in recent years (SolarWinds, Change Healthcare, etc.), Brian and Brandon have some timely advice on the principles and processes that organizations should implement before a crisis.

 Sound too advanced? Brian and Brandon also will discuss four steps to get your CRMP journey started. 

Register now for the live chat. Thursday, January 16, 2024, at 11:00 AM ET/8:00 AM PT
View full post