Video with Slides
Recording and slide deck below
Interactive discussion focusing on Highmark Health's two-year journey to implement quantitative cyber risk management methods. We will cover how we achieved our program’s objective to present an enterprise-level quantitative risk view by leveraging the strengths of our control framework and the Factor Analysis of Information Risk (FAIR) methodology. After a brief introduction to the Factor Analysis of Information Risk (FAIR) model, participants will have the opportunity to learn about the problems that quantitative risk management has solved at Highmark and implementation best practices illustrated by specific examples. The presentation is intended for security programs/professionals who are interested in using control-focused activities to inform the quantified cyber risk for an enterprise and leverage quantitative cyber risk analytics to drive better business outcomes including prioritized control-related remediation.