Upcoming events…


Assessing & Quantifying Enterprise GenAI Risk
Dec 10

The rapid rise of generative AI has created new opportunities for the enterprise while also introducing new risks that must be measured, prioritized and addressed. New technology and advanced models that enable innovative business applications create unique risk scenarios and mitigation options that may challenge the cyber-focused risk analyst. What approach should be used? How can the FAIR risk analyst decompose the problem and deliver credible, defensible guidance?

This session will examine how to apply the FAIR-AIR Approach Playbook created by the FAIR Institute to quantify AI risk in financial terms, allowing stakeholders to make rational business decisions (cost-benefit) on risk treatment options.

Key Takeaways:

  • Help you identify your AI loss exposure and enable risk-based decisions

  • Ensure proper data and alignment for scenarios and use cases

  • Know how to meet the business needs and enable AI deployment

FAIRCON 2024
Sep 29 to Oct 3

Cyber risk evolves rapidly with your business, threat landscape, regulatory environment, third-party ecosystem and more. Your risk management must adapt quickly while improving your bottom line and protecting long-term value. The 2024 FAIR Conference (FAIRCON24) is the only global conference that tackles this challenge.

At FAIRCON24, more than 70 CISOs, CIOs, board members and other cyber risk leaders and stakeholders will speak on challenges such as third-party risk management, cyber reporting for the board, automating and scaling your program, and emerging risk areas such as AI. 

Conference attendees will discover a more modern approach to cyber risk management built on the FAIR cyber risk quantification model and including essential program elements, process automation, data visualization and analytics, and GenAI.

Applying Open FAIR™ Risk Analysis: The Open Group Use Case for Ostrich Cyber-Risk Birdseye™
Sep 18

In this webinar, Greg Spicer, Co-Founder and CRO of Ostrich Cyber Risk, along with Andras Szkal and John Linford of The Open Group, will dive into the intricacies of identifying your biggest cyber risk. We will then explore how to determine which controls most effectively mitigate these risks, how to quantify their effectiveness in financial terms, and how to influence decisions with stakeholders in your business.

Ostrich Cyber-Risk’s Q3 Product Briefing - Enhanced Risk Control Mapping in Birdseye™
Aug 15

Join us for an in-depth product briefing where we'll cover the significant updates to Ostrich's Birdseye™ application. This webinar will highlight how our latest advancements enhance the mapping of risks to controls, ensuring your firm can most effectively reduce cyber risks.

During this session, you'll get an exclusive look at the new features and improvements in Birdseye™, with a focus on its upgraded Risk Analysis page. Learn how these updates can streamline your risk management processes and bolster your organization's security posture.

Key Highlights:

  • Detailed overview of the major updates to the Birdseye™ application

  • Enhanced mapping of risks to controls for effective cyber risk reduction

  • Demonstration of the improved Risk Analysis page

  • Interactive Q&A session with our experts

NIST CSF Effectiveness: Controls and Quantification
Jul 10

In this webinar, Greg Spicer, Co-Founder and CRO of Ostrich Cyber Risk, along with Kevin Gelsthorpe and John Feezell from Kyndryl, will dive into the intricacies of identifying your biggest cyber risks using the NIST Cybersecurity Framework (NIST CSF). We will then explore how to determine which controls most effectively mitigate these risks, how to quantify their effectiveness in financial terms, and how to influence decisions with stakeholders in your business.

Top Five Ways Cyber Risk Quantification (CRQ) Reduces Pain Across the Organization
Apr 25

Cyber risk quantification (CRQ) is an evolving discipline that is revolutionizing the way Chief Information Security Officers (CISOs) manage, mitigate and communicate cybersecurity risks within their organizations. This webinar delves into the "Top Five Ways CRQ Reduces Pain Across the Organization," offering insights into how CRQ provides a more structured and financial perspective on cyber risks than legacy solutions, enabling better decision-making and resource allocation. Speakers Andrew Shea and Adam Lamantia will provide attendees with five key areas where CRQ will directly improve outcomes in any organization.

Key Takeaways:

  • Learn how to partner effectively with your legal team on privacy & contractual and SEC-related issues

  • Learn how to present cyber risk quantification results to a CFO in their language

  • Learn how to effectively approach your sales and marketing leadership to help them achieve revenue goals

  • Learn how to integrate cyber risk quantification results into existing Enterprise Risk Management processes and presentations

  • Learn how to position Cyber Risk Quantification to your organization's top business objectives - revenue, brand and operations

NIST CSF 2.0 & The CRI Profile 2.0: How Financial Institutions Can Achieve Maximum Benefit
Apr 17

The cybersecurity landscape is constantly evolving, and financial institutions require a consistent, simple, and agile approach to mitigate widespread threats within their sector. In this webinar, Ostrich Cyber-Risk and the Cyber Risk Institute (CRI) will collaborate to discuss NIST CSF 2.0 as it concerns financial institutions and strategies for maximizing the benefits of the CRI Profile, following the release of the Profile 2.0. The session will focus on understanding your organization's most significant cyber risks and identifying the controls that efficiently reduce those risks.

Key takeaways:

  • Gain insight into your organization's most significant cyber risks.

  • Identify the most effective controls for reducing these risks.

  • Understand how to easily forecast and quantify risk in financial terms.

  • Learn how to utilize these insights to drive proactive decision-making, aligned with your organization's governance.

Effective Cyber Risk Program Management in 2024: An Interview with the Experts
Feb 20

The CISO community is abuzz about qualitative and quantitative risk assessments. What is a CISO to do?

This discussion will focus on how to determine a company's most significant cyber risks in financial terms and identify the controls that have the most significant impact on reducing those risks by utilizing both a qualitative and quantitative approach.

Join this Ostrich Cyber-Risk sponsored webinar for a discussion with Arlan McMillian, the Chief Security Officer of Kirkland & Ellis, and Jack Whitsitt, the Director of Cyber Risk Quantification of Ostrich Cyber-Risk.

Starting Your Quantified Risk Measurement Journey
Feb 15

In this webinar, participants will be introduced to a simple way to think about and communicate the relative value of data inputs to FAIR analysis and learn about the concept of a “risk information classification framework”.

Attendees will also hear about how such a framework may be used for reducing the likelihood of “analysis data rejection” from the business and how to implement a managed approach for improving precision, visibility, and confidence in analysis.

FAIR Analysis: Throwing the “Bad” Data in With the “Good”
Dec 6

In this webinar, participants will be introduced to a simple way to think about and communicate the relative value of data inputs to FAIR analysis and learn about the concept of a “risk information classification framework”.

Attendees will also hear about how such a framework may be used for reducing the likelihood of “analysis data rejection” from the business and how to implement a managed approach for improving precision, visibility, and confidence in analysis.

Control Performance vs Control Efficacy: A (Quantified) Risk Perspective
Nov 15

In this webinar, the Ostrich team will help participants understand the missing link - Cyber Risk Quantification (CRQ) Scenarios - in determining control efficacy.

Participants will also learn how the CRI Profile and CRQ methodologies can work in conjunction to help organizations measure their risk, identify and communicate confidence levels in their decisions, and distinguish between how well controls perform and how much that performance matters to the business.

The material will be aimed at introducing participants who are new to CRQ to key concepts, but practitioners and leaders with more experience may benefit from our perspective on these topics.

Ostrich Cyber Risk’s 4 Steps to SEC Compliance - Sponsored Webinar with FAIR Institute
Oct 4

As the December 2023 SEC deadline approaches, it is crucial for organizations to prepare for changes effectively.

Join this webinar with Jack Whitsitt, Director of Cyber Risk Quantification (CRQ) at Ostrich Cyber-Risk, where he will cover:

Materiality & Risk: Understand the importance of materiality, risk appetite, tolerance, thresholds, and how to assess and quantify them.

CRQ Integration: Learn how CRQ seamlessly measures these concepts, facilitating clear communication with the SEC and your Board.

Implementation Steps: Discover actionable steps you can take today.

Open Group Panel: The SEC, CRQ, and “Materiality”
Sep 7

The SEC recently adopted rules that require organizations to disclose details about cybersecurity incidents that they determine to be “material” and the “material aspects” of the incident, including impact and likely material impact. Organizations need to be able to consistently and coherently define these “material” cybersecurity events and risks, communicate precisely how these risks are being managed, and publicly disclose "material" cybersecurity events. Compliance requires precision, and Cyber Risk Quantification (CRQ), such as the Open FAIR™ Methodology, offers a comprehensive, systematic approach.

Join this webinar to hear a panel of professionals and experts discuss this recent SEC ruling and the applicability of CRQ techniques, including Open FAIR, for meeting these compliance requirements.

Mastering Cyber Risk Quantification (CRQ): Embracing the Power of Knowing When to Stop
Aug 2

Not all questions need to be answered in detail and often, less is more. Good FAIR practices not only acknowledge this reality but also take advantage of it for more effective and efficient quantification. In this webinar with guest speaker Tom Callaghan, Founder of C-Risk, we'll unveil best practices for maximizing CRQ efficiency and effectiveness.

The speakers will begin by introducing key concepts like ranges, reference classes, and decomposition before exploring their application and then diving into a series of real-world use cases. 

Key takeaways:

  • Efficient approach to Cyber Risk Quantification that saves time and effort.

  • Practical tips on utilizing FAIR practices for more effective risk quantification

  • Real-world use cases showcasing the power of selective knowledge

  • A refresher for experienced practitioners on when to stop for optimal results

Webinar - GRC and CRQ: A (Good) Story of Codependency - Sponsored Webinar w/ FAIR Institute 
Jul 12

To understand how best to plan for and execute Cyber Risk Quantification (CRQ) as a practice and a program, it’s best to start by understanding how it fits into more traditional Governance, Risk and Compliance (GRC).

Leveraging a CRQ tool in a GRC program provides a means to measure cyber risk levels objectively. CRQ is not intended to ‘replace’ or ‘bolt on’ to an existing GRC program. Instead, CRQ informs an evolution of existing practices, and those practices plus CRQ must be taken into consideration as they blend into an enhanced approach to decision-making by leveraging the common ground: METRICS.

In this webinar, you will learn how GRC programs and CRQ tools together will help you:

  • More accurately estimate and track exposure of financial losses

  • Prioritize between compliance and regulation requirements

  • Prioritize cyber investments, allocate budget and adjust strategy

  • Highlight the decrease in potential financial losses to determine which regulatory or compliance requirement is worth investing in

  • Inform stakeholders how you are meeting new cyber regulations

Measurement Planning Webinar in Partnership with FAIR Institute
May 24

Often, when getting started with CRQ, organizations tend to focus on how to quantify individual scenarios. While this is an important step, it soon becomes clear that measuring risk for decision support purposes requires a suite of scenarios working in combination to suit a variety of purposes. This “scenario suite” should be treated as one entity composed of individual scenarios that are collectively comparable, fit for purpose, re-useable, and sustainable. At this webinar, we will introduce the concept of developing a “Measurement Plan” to support this concept and we will touch on several techniques that can be used to assure your Cyber Risk Quantification work meets both current and future needs.

SiRAcon Training Seminar
May 16 to May 19

We are sponsoring SiRAcon 2023! This year's attendees have the option to add on cyber risk quantification training given by Ostrich Cyber Risk's Jack Whitsitt. This experience-driven training will provide tips, tricks, and insights to help bridge knowledge gaps commonly found between the ability of individuals to perform basic CRQ analysis and the successful application by organizations of CRQ for decision support. The material will be based on OpenFAIR™ and other common practices and will extend the learning experience to focus on unique or helpful applications of those practices that might otherwise be overlooked or thought of as out of scope.
