SIGS Event on Cyber Risk Resilience
On Tuesday, 31 October 2017, VirtueSpark founder Pascal Busch and Monika Josi, Member of the Management Board and Head Global Security Consulting at AXAS AG, speak about Cyber Risk Resilience at the Radisson Blu hotel Basel. Based on their practical experience, they address common flaws of cyber risk management implementations and outline how integrated risk management and a well-defined resilience model help to increase the success of cyber resilience operations.
Presentations
CYBER RISK MANAGEMENT – DOOMED TO FAIL? | Pascal Busch
A few years into the cyber security hype, many companies have invested tremendous amounts into cyber defense. Large programs have been implemented and new defense units have been created. Although the measures helped to improve security in general, they mostly come at high cost and high use of resources. Still, despite all implementations, reports of security breaches and data theft frequently show up in the news. Is the cost-benefit ratio for cyber defense justifiable, or is it ultimately a high expense for tilting at windmills? After a major security breach in their own company at the latest, senior management will raise those questions.
Adequate risk management is an important factor for the efficiency and effectiveness of cyber security programs. Still, this element is often not sufficiently addressed during program implementations.
The presentation addresses aspects and examples of how to effectively apply integrated risk management to cyber security programs in order to achieve a higher cost-benefit ratio and to improve the acceptance throughout the company.
BUILDING A CYBER RESILIENCE PROGRAM | Monika Josi
“Assume breach” is the no-longer-new motto for the cyber security approach in companies, and the NIST Cybersecurity Framework points out the individual related aspects that are to be considered. Nevertheless, many companies still merely focus on the protection of infrastructure without considering the aspects of “detection of an attack” and “incident response”. The transformation that is required goes beyond the use of new tools. It changes internal processes and required skills throughout the enterprise. It requires a framework that helps companies with the sustainable implementation of such a transformation and that ensures measurability and continuity over a longer period.
The aim of the presentation is to illustrate such a cyber resilience model and to demonstrate its possible implementation based on concrete practical examples.