Case Study: Analyze Ransomware Risk for a Bank, Satisfy Financial Regulators

At the 2021 FAIR Conference (FAIRCON21), Andy Retrum, Managing Director, Global Financial Services Security and Privacy for Protiviti, presented a use case for FAIR™ quantitative cyber risk analysis of ransomware that would both inform senior management and satisfy financial industry regulators that a bank was taking proper steps to ensure resiliency, specifically to prevent customer harm.


FAIRCON21

Case Study – Regulatory Considerations for Operational Resilience

Andy Retrum, Protiviti

FAIR Institute members can watch the video of this FAIRCON21 session in the LINK member community.


Retrum (who is also a FAIR Institute Advisory Board member) showed how Protiviti mapped out the threat vector impacting primary and secondary assets:

FAIRCON21 - Protiviti Use Case Threat Vectors


Protiviti then created a ranked list from the map, usable as loss event scenarios for FAIR analysis:

FAIRCON21 - Protiviti Loss Event Scenarios

Protiviti then created this highly visual executive summary report on the analysis findings. As Retrum pointed out, this format gives both senior management and regulators a ready view of ranges of probable loss exposure, helpful for setting risk tolerance levels.

FAIRCON21 - Executive Summary - Protiviti

This reporting answers “how can we respond and recover in a more thoughtful way…exactly the discussions the regulators are pushing the financial industry to have,” he said.

“We believe the FAIR methodology is an excellent approach to frame those discussions and not just from a regulatory perspective. When we talk with senior leadership and board members on this topic, they want to talk value. They talk in business terms and what the potential downside is.”
