Risk Modeling: Quantify Cyber Insights for Effective Risk Management

Join us for a special look into new functionality coming to the CyberStrong platform! In this talk we dive into the new cyber and IT risk functionality coming to the leading cyber risk automation platform including: FAIR model risk quantification, risk register benchmarking, and more. CyberSaint Head of Engineering Scott Shidlovsky joins Senior Sales Engineer Bob Delfin to cover the new features and how security leaders can use them to enhance their own programs.

In recent years, the FAIR model for cyber risk quantification has rapidly garnered attention from the industry. From Gartner to NIST, FAIR has emerged as the advanced risk quantification process for cyber risk programs. Too often, though, organizations are unsure if they’re ready for FAIR, how to begin, or even what FAIR is. In this talk, CyberSaint Senior Customer Advisor Hayley Pruett dives into what is FAIR, who should be using it, and how to get started.

As boards demand greater insight into their cyber posture, CISOs are being expected to dive deeper into the enterprise's exposure to and management of cyber and IT risk. Black-box risk analysis and quantification products and processes don't hold up in these circumstances and, in some cases, can severely limit a security leader’s ability to explain cyber risk to the Board. Join CyberSaint Enterprise Account Executive Patrick O’Brien and Booz Allen Hamilton Senior Associate for Commercial Cyber Strategic Consulting Christopher White as we dive into why opaque risk quantification is limiting your Board’s understanding of cyber and what methodologies enhance their understanding instead of hinder it.

The FAIR model has become the leading methodology to view cybersecurity risk in terms of dollars. CyberSaint's CyberStrong platform puts this powerful analytical tool into the hands of information security practitioners. It allows them to simply show loss probabilities and risk exposures and understand the business decisions around potential mitigations.

In supporting the FAIR model, CyberStrong allows customers to leverage the model of choice for understanding risk in terms of dollars. Customers can use FAIR to benchmark and track financial impacts in cybersecurity while understanding their organization’s loss exposure in financial terms to enable effective decisioning using a probabilistic and financial approach.

In this breakout session from STRONGER 2022, members of the CyberSaint team provided an in-depth review of the FAIR methodology and taught how and where to apply it. This session provides insights on how to empower your team to leverage this rising gold-standard risk model appropriately and avoid unnecessary complexity with practical examples.

In this breakout session from STRONGER 2022, Hernan Huwyler introduced a template to model risks affecting the confidentiality, integrity, and availability of technical and application services. The model introduces a threat taxonomy, vulnerabilities, and Monte Carlo Simulations.

CyberSaint now offers a MITRE and VERIS-based risk model called the CyberInsight Model. This new cyber risk model will help security practitioners quantify cyber risk posture, confidently decide where to take risks, and understand where they can obtain the greatest ROI from their security investments to create business value.