Upcoming events…
FAIRCON 2024
Cyber risk evolves rapidly with your business, threat landscape, regulatory environment, third-party ecosystem and more. Your risk management must adapt quickly while improving your bottom line and protecting long-term value. The 2024 FAIR Conference (FAIRCON24) is the only global conference that tackles this challenge.
At FAIRCON24, more than 70 CISOs, CIOs, board members and other cyber risk leaders and stakeholders will speak on challenges such as third-party risk management, cyber reporting for the board, automating and scaling your program, and emerging risk areas such as AI.
Conference attendees will discover a more modern approach to cyber risk management built on the FAIR cyber risk quantification model and including essential program elements, process automation, data visualization and analytics, and GenAI.
Applying Open FAIR™ Risk Analysis: The Open Group Use Case for Ostrich Cyber-Risk Birdseye™
In this webinar, Greg Spicer, Co-Founder and CRO of Ostrich Cyber Risk, along with Andras Szkal and John Linford of The Open Group will dive into the intricacies of identifying your biggest cyber risk. We then will explore how to determine which controls most effectively mitigate these risks and how to quantify their effectiveness in financial terms, and influence decisions with stakeholders in your business.
Ostrich Cyber-Risk’s Q3 Product Briefing - Enhanced Risk Control Mapping in Birdseye™
Join us for an in-depth product briefing where we'll cover the significant updates to Ostrich's Birdseye™ application. This webinar will highlight how our latest advancements enhance the mapping of risks to controls, ensuring your firm can most effectively reduce cyber risks.
During this session, you'll get an exclusive look at the new features and improvements in Birdseye™, with a focus on its upgraded Risk Analysis page. Learn how these updates can streamline your risk management processes and bolster your organization's security posture.
Key Highlights:
-Detailed overview of the major updates to the Birdseye™ application
-Enhanced mapping of risks to controls for effective cyber risk reduction
-Demonstration of the improved Risk Analysis page
-Interactive Q&A session with our experts
NIST CSF Effectiveness: Controls and Quantification
In this webinar, Greg Spicer, Co-Founder and CRO of Ostrich Cyber Risk, along with Kevin Gelsthorpe and John Feezell from Kyndryl, will dive into the intricacies of identifying your biggest cyber risks using NIST Cybersecurity Framework (NIST CSF). We then will explore how to determine which controls most effectively mitigate these risks and how to quantify their effectiveness in financial terms, and influence decisions with stakeholders in your business.
Top Five Ways Cyber Risk Quantification (CRQ) Reduces Pain Across the Organization
Cyber risk quantification (CRQ) is an evolving discipline that is revolutionizing the way Chief Information Security Officers (CISOs) manage, mitigate and communicate cybersecurity risks within their organizations. This webinar delves into the "Top Five Ways CRQ Reduces Pain Across the Organization," offering insights into how CRQ provides a more structured and financial perspective on cyber risks than legacy solutions, enabling better decision-making and resource allocation. Speakers Andrew Shea and Adam Lamantia will provide attendees with five key areas where CRQ will directly improve outcomes in any organization.
Key Takeaways:
Learn how to partner effectively with your legal team on privacy & contractual and SEC-related issues
Learn how to present cyber risk quantification results to a CFO in their language
Learn how to effectively approach your sales and marketing leadership to help them achieve revenue goals
Learn how to integrate cyber risk quantification results into existing Enterprise Risk Management processes and presentations
Learn how to position Cyber Risk Quantification to your organization's top business objectives - revenue, brand and operations
NIST CSF 2.0 & The CRI Profile 2.0: How Financial Institutions Can Achieve Maximum Benefit
The cybersecurity landscape is constantly evolving, and financial institutions require a consistent, simple, and agile approach to mitigate widespread threats within their sector. In this webinar, Ostrich Cyber-Risk and the Cyber Risk Institute (CRI) will collaborate to discuss NIST CSF 2.0 concerning financial institutions and strategies for maximizing the benefits of the CRI Profile, following the release of the Profile 2.0. In this session, the focus will be on understanding your organization's most significant cyber risks and identifying the controls that efficiently reduce those risks.
Key takeaways:
-Gain insight into your organization's most significant cyber risks.
-Identify the most effective controls for reducing these risks.
-Understand how to easily forecast and quantify risk in financial terms.
-Learn how to utilize these insights to drive proactive decision-making, aligned with your organization's governance.
Effective Cyber Risk Program Management in 2024: An Interview with the Experts
The CISO community is abuzz about qualitative and quantitative risk assessments. What is a CISO to do?
This discussion will focus on how to determine a company's most significant cyber risks in financial terms and identify the controls that have the most significant impact on reducing those risks by utilizing both a qualitative and quantitative approach.
Join this Ostrich Cyber-Risk sponsored webinar for a discussion with Arlan McMillian, the Chief Security Officer of Kirkland & Ellis, and Jack Whitsitt, the Director of Cyber Risk Quantification of Ostrich Cyber-Risk.
Starting Your Quantified Risk Measurement Journey
In this webinar, participants will be introduced to a simple way to think about and communicate the relative value of data inputs to FAIR analysis and learn about the concept of a “risk information classification framework”.
Attendees will also hear about how such a framework may be used for reducing the likelihood of “analysis data rejection” from the business and how to implement a managed approach for improving precision, visibility, and confidence in analysis.
FAIR Analysis: Throwing the “Bad” Data in With the “Good”
In this webinar, participants will be introduced to a simple way to think about and communicate the relative value of data inputs to FAIR analysis and learn about the concept of a “risk information classification framework”.
Attendees will also hear about how such a framework may be used for reducing the likelihood of “analysis data rejection” from the business and how to implement a managed approach for improving precision, visibility, and confidence in analysis.
Control Performance vs Control Efficacy: A (Quantified) Risk Perspective
Link coming soon.
In this webinar, the Ostrich team will help participants understand the missing link - Cyber Risk Quantification (CRQ) Scenarios - in determining control efficacy.
Participants will also learn how the CRI Profile and CRQ methodologies can work in conjunction to help organizations measure their risk, identify and communicate confidence levels in their decisions, and distinguish between how well controls perform and how much that performance matters to the business.
The material will be aimed at introducing participants who are new to CRQ to key concepts, but practitioners and leaders with more experience may benefit from our perspective on these topics.
Ostrich Cyber Risk’s 4 Steps to SEC Compliance - Sponsored Webinar with FAIR Institute
As the December 2023 SEC deadline approaches, it is crucial for organizations to prepare for changes effectively.
Join this webinar with Jack Whitsitt, Director of Cyber Risk Quantification (CRQ) at Ostrich Cyber-Risk, where he will cover:
Materiality & Risk: Understand the importance of materiality, risk appetite, tolerance, thresholds, and how to assess and quantify them.
CRQ Integration: Learn how CRQ seamlessly measures these concepts, facilitating clear communication with the SEC and your Board.
Implementation Steps: Discover actionable steps you can take today.
Open Group Panel: The SEC, CRQ, and “Materiality”
The SEC recently adopted rules that require organizations to disclose details about cybersecurity incidents that they determine to be “material” and the “material aspects” of the incident, including impact and likely material impact. Organizations need to be able to consistently and coherently define these “material” cybersecurity events and risks, communicate precisely how these risks are being managed, and publicly disclose "material" cybersecurity events. Compliance requires precision, and Cyber Risk Quantification (CRQ), such as the Open FAIR™ Methodology, offers a comprehensive, systematic approach.
Join this webinar to hear a panel of professionals and experts discuss this recent SEC ruling and the applicability of CRQ techniques, including Open FAIR, for meeting these compliance requirements.
Mastering Cyber Risk Quantification (CRQ): Embracing the Power of Knowing When to Stop
Not all questions need to be answered in detail and often, less is more. Good FAIR practices not only acknowledge this reality but also take advantage of it for more effective and efficient quantification. In this webinar with guest speaker Tom Callaghan, Founder of C-Risk, we'll unveil best practices for maximizing CRQ efficiency and effectiveness.
The speakers will begin by introducing key concepts like ranges, reference classes, and decomposition before exploring their application and then diving into a series of real-world use cases.
Key takeaways:
Efficient approach to Cyber Risk Quantification that saves time and effort.
Practical tips on utilizing FAIR practices for more effective risk quantification
Real-world use cases showcasing the power of selective knowledge
A refresher for experienced practitioners on when to stop for optimal results
Webinar - GRC and CRQ: A (Good) Story of Codependency - Sponsored Webinar w/ FAIR Institute
In order to understand how best to plan for and execute Cyber Risk Quantification (CRQ) as a practice and a program, it’s best to start by understanding how it fits into more traditional Governance Risk Compliance (GRC).
Leveraging a CRQ tool in a GRC program provides a means to measure cyber risk levels objectively. CRQ is not intended to ‘replace’ or ‘bolt on’ to an existing GRC program. Instead, CRQ informs an evolution of existing practices, and those practices plus CRQ must be taken into consideration as they blend into an enhanced approach to decision-making by leveraging the common ground: METRICS.
In this webinar, you will learn how GRC programs and CRQ tools together will help you:
More accurately estimate and track exposure of financial losses
Prioritize between compliance and regulation requirements
Prioritize cyber investments, allocate budget and adjust strategy
Highlight the decrease in potential financial losses to determine which regulatory or compliance requirement is worth investing in
Inform stakeholders how you are meeting new cyber regulations
FAIR Institute Breakfast at National Harbor
Join us on Tuesday, June 6 at 8 AM with a distinguished group of cyber risk executives and fellow FAIR members, who are in town for the Gartner Security and Risk Summit, as they discuss and share tips and best practices on how to successfully build an effective quantitative risk management program with FAIR™.
Measurement Planning Webinar in Partnership with FAIR Institute
Often, when getting started with CRQ, organizations tend to focus on how to quantify individual scenarios. While this is an important step, it soon becomes clear that measuring risk for decision support purposes requires a suite of scenarios working in combination to suit a variety of purposes. This “scenario suite” should be treated as one entity composed of individual scenarios that are collectively comparable, fit for purpose, re-useable, and sustainable. At this webinar, we will introduce the concept of developing a “Measurement Plan” to support this concept and we will touch on several techniques that can be used to assure your Cyber Risk Quantification work meets both current and future needs.
SiRAcon Training Seminar
We are sponsoring SiRAcon 2023! This year's attendees have the option to add on cyber risk quantification training given by Ostrich Cyber Risk's Jack Whitsitt. This experience-driven training will provide tips, tricks, and insights to help bridge knowledge gaps commonly found between the ability of individuals to perform basic CRQ analysis and the successful application by organizations of CRQ for decision support. The material will be based on OpenFAIR™ and other common practices and will extend the learning experience to focus on unique or helpful application of those practices that might otherwise be overlooked or which might be thought of as out of scope.
Throwing the 'Bad' Data in With the Good – Sponsored Webinar with the FAIR Institute. Dec 06, 2024. View recording here.
Scenario Planning - Seminar at FAIRCON 2023. View recording here.
“4 Steps To SEC Compliance - Sponsored Webinar with FAIR Institute” Oct 4, 2023. View recording here.
The SEC, CRQ, and “Materiality” - Sponsored Webinar with The Open Group. Sept 7, 2023. View recording here.
Mastering Cyber Risk Quantification: Embracing the Power of Knowing When to Stop. August 2, 2023. View recording here.
Measurement Planning - Sponsored Webinar with FAIR Institute. May 24, 2023. View recording here.