I specialize in equipping Chief Information Security Officers (CISOs) and their teams with the essential training and tools needed to effectively quantify cyber risk. My mission is to help organizations make informed, risk-based decisions that enhance their cybersecurity posture. By implementing Cyber Risk Quantification (CRQ) within your risk management programs, you are able to identify vulnerabilities that can lead to cyber attacks before they happen. The focus is on avoiding potential impact and developing effective strategies.
Customized workshops are available. Let's discuss your needs and I'll give you a custom quote.
Overview: This course provides students with a working knowledge of quantification methods and models suitable for quantifying cyber risk. Students will learn basic probability equations and concepts. Students will learn a simple manual method for quantifying risk and impact. The course comes with an Excel-based workbook that includes a probability calculator, worksheets and models.
Learning Objectives: In this course you will learn to identify and organize relevant data for analysis, how to develop estimates and use the various models and methods.
Overview: This course provides candidates with the knowledge and tools to apply the Factor Analysis of Information Risk (FAIR) standard analytical method. This method includes estimation of threat, vulnerability, and financial impacts.
Learning Objectives: This course introduces students to an Excel-based, FAIR-compliant model and gives them a working knowledge of the FAIR™ standard and how to use this method for quantifying cyber risk in terms of financial impact.
Overview: In this course students will learn the role of risk quantification in risk management. Special emphasis will be placed on the development of measures and metrics as well as the use of a risk register employing quantitative values. Students will learn methods for aggregating risk across the enterprise.
Learning Objectives: This course introduces the student to the role of risk quantification within the risk management program. It is well suited for CISOs and their staff.
Overview: In this course students will learn how to select meaningful measures and metrics for building an effective risk management program. Trending operational actions is not effective in managing risk. You need metrics that align with corporate goals and measures that enable you to reduce risk. They also reflect the organization's definition of risk, and risk acceptance.
Learning Objectives: This course introduces the student to meaningful measures and metrics and how they are used to drive risk reduction.
Overview: In this course, students will learn how to measure risk in their compliance programs. Most organizations believe their compliance program measures their security maturity without considering the potential risk within. This course teaches you how to measure the effectiveness of your current policies and procedures and identify and quantify the risks. Stakeholders are more willing to fund compliance when it can be demonstrated to measurably reduce risk to corporate goals.
Learning Objectives: This course introduces students to a method of measuring the effectiveness and risk in their compliance program.
Overview: In this course students will learn how to analyze risk in the incident response function. This goes beyond table-top exercises into quantifying risk and evaluating how each step of the risk response may increase or decrease that risk.
Learning Objectives: This course introduces students to measuring risk in the incident response function.
Overview: In this course students are introduced to the use of analysis as the foundation for making resource allocation decisions. Unfortunately, most executives fail to leverage this strategy. When properly applied, this provides measurable cost savings and demonstrates to interested stakeholders an effective and maximized use of limited resources.
Learning Objectives: This course introduces students to effective resource management and measurable cost savings in their risk management program.
Overview: In this course students will learn how to analyze vulnerability data to aid in the prioritization of remediation. Students will learn how to "tag" data with "key words" for analysis. Students can use this method to quickly identify which vulnerabilities in their environment can lead to initial access and privilege escalation, among other things. Students will receive an Excel-based workbook with worksheets set up to do this "tagging" and auto-generate related charts.
Learning Objectives: This course introduces students to vulnerability data analysis and how to generate meaningful statistics.
Overview: In this course students will learn how to convert compliance risk assessment findings into impact statements for either optional or financial impacts. Most compliance assessments and assessors fail to perform this critical step, leaving assessment reports as little more than a compilation of findings which risk managers and stakeholders find difficult to interpret. In this course the student will learn how to perform this final critical step to turn the investment in compliance into a valuable resource rather than the typical checklist activity that it so commonly is.
Learning Objectives: This course introduces students to a proven method for turning assessment findings into impact statements.
Overview: In this course students will learn how to analyze application risk. This course applies a technique used in the Department of Defense which includes the use of basic CONOPS core features and functions. This is a collaborative approach with development teams and usually spans several days and weeks to complete, but consistently yields the deepest insights into application risk. Once the initial analysis is completed, it can easily be updated at each development iteration.
Learning Objectives: This course introduces students to application risk analysis.
Overview: In this course participants will learn two advanced methods for quantifying cyber risk. The first method is the probability tree which is a visual method for analyzing risk. The second method is Bayesian Inference which is a mathematical method for verifying risk estimates. An Excel-based workbook is provided containing both models.
Learning Objectives: This course introduces participants to two advanced methods and gives them a working knowledge of when and how to apply them.