Incentivizing ICS Security: The Case for Cyber Insurance – SANS ICS Security Summit 2017
https://www.ispeech.org
Register for the 2018 SANS ICS Security Summit & Training: http://www.sans.org/u/yzD
Over the past couple of decades, cybersecurity—as a field—has had difficulty speaking to executives and boards about risk. Our community often qualifies cyber risk as “high, medium, and low” or “red, yellow, and green.”
When compared to more mature areas of traditional risk management, which feature quantifiable metrics and graphs as complex as the Dow Jones Industrial Average, our security professionals may look like they’re carrying crayons to a math test.
Fortunately, in the past few years, we’ve seen a jump in maturity when discussing cyber risk management. By applying leading and lagging metrics, quantifying the impacts due to cyber risk beyond “criticality,” and branching into data analytics, many information security professionals have found new ways to communicate cyber risk in meaningful ways for executives and boards.
This presentation will highlight the new metrics and methodologies used for quantifying cyber risk and cyber program improvements in critical infrastructure. Recognizing the many different drivers for maturing a cyber risk management program, the presenter will also discuss the internal and external partners for these sort of program improvements, and, why security professionals should become very good friends with the insurance industry. - Jason Christopher, CTO, Axio
Join the forum http://ics-community.sans.org and follow us on Twitter @SANSICS. For all upcoming SANS ICS courses, click here http://ics.sans.org/u/rYr.
2017-06-21 17:45:14
source
Gloss