Webinar: How to Get More Value from a Cybersecurity Controls Inventory

Marta Palanques 3“Virtually every organization will tell you they do more controls management than risk management,” says Marta Palanques, Director of Risk Methodologies, Technology Risk Management, at Capital One, and with cybersecurity controls often numbering in the hundreds, even thousands, at large organizations, just inventorying the controls stack is a consuming, if necessary, project.

In this webinar, Marta gives an extensive list of tips on how to manage a controls inventory for maximum value and minimum stress. Watch Getting Your Money's Worth - Putting Your Controls Inventory to Work with Marta Palanques now. A FAIR Institute Contributing Membership required – learn more about membership

Some key points from the webinar on an inventory of controls:

  • How to determine the optimal size of your inventory, considering cost and complexity
  • How to set a measurable goal for every control, to run a program based on value for risk reduction
  • How to set your level of effort, ranging from once-a-year manual checks to continuous monitoring
  • How to create a low-effort assessment of the organization’s risk-management maturity, using a controls inventory, gap analysis with one of the standard frameworks, and controls testing
  • How to batch controls according to risk scenarios and simplify attribute descriptions to make a large inventory more manageable. 
 Webinar - Controls Inventory - Marta Palanques

From the webinar

“A long list of controls is really only complicating what you do in terms of measuring risk,” Marta says. But “controls inventory is not going to disappear so you might as well use it as best you can.”

More on making sense of controls: 

FAIRCON22 Video: Jack Jones Explains FAIR Controls Analytics, RiskLens Previews the FAIR-CAM Tool for Quantitative Risk Analysis Automation 

Learn How FAIR Can Help You Make Better Business Decisions

Order today
image 37