AISA Webinar: Applying FAIR methodology and connecting cybersecurity to ERM

Join the FAIR Institute Sydney Chapter and AISA Sydney Branch for an opportunity to initiate and expand upon your capability in quantitative risk management using FAIR. This online discussion will focus on applying the FAIR methodology to the new NISTIR 8286 standard connecting Cybersecurity to Enterprise Risk Management (ERM).





The increasing frequency, creativity, and severity of cybersecurity attacks mean that all enterprises should ensure that cybersecurity risk is receiving appropriate attention within their enterprise risk management (ERM) programs. NISTIR 8286 is intended to help individual organizations within an enterprise to manage their cybersecurity risks in the context of their broader mission and business objectives.

AISA champions the development of a robust information security sector by building the capacity of professionals in Australia and advancing the cyber security and safety of the Australian public as well as businesses and governments in Australia. NISTIR 8286 provides a blueprint for AISA members to collaborate with their ERM teams by quantifying cybersecurity risk in dollars using the FAIR framework.

Topic 1: Applying quantification to NISTIR 8286
A deep dive into the core principles in NISTIR 8286 and the structure of the standard. There are strong parallels between NISTIR 8286 and FAIR, both focusing on asset and threat identification to inform prioritisation decisions. An introduction to the FAIR framework will be provided, with a walkthrough of the free resources and tools available to cyberrisk and ERM practitioners to get started on their NISTIR 8286 journey.

Speaker: Denny Wan (founder and co-chair of FAIR Institute Sydney Chapter)
Denny Wan is a cyber security expert with over 20 years' experience in the Australian IT security sector. He is the principal consultant of Security Express and the founder and chair of the Sydney Chapter of the FAIR Institute and Australian Cyber Insurance Think Tank. He has deep expertise in Cyber Risk Economics (CYRIE), an effective approach for prioritising cyber security investments and explaining their business value. He is a certified ISO27001 Lead Auditor, PCI QSA and CISSP. He is a postgraduate researcher at the Optus Macquarie University Cyber Security Hub, researching cyber risk management in supply chains. This is a useful model for managing 3rd party supplier risks under compliance frameworks such as APRA CPS 234.

Panel session: Integrating Cyberrisk with ERM
A group of senior executives discussing their experience and journeys integrating cyberrisk with ERM.

Branko Ninkovic (moderator, AISA Sydney Branch Executive)
Branko Ninkovic has over 25 years' experience specialising in software and cyber security. Branko is known for his innovative and collaborative approach and the key to Branko's success is his ability to develop strong, enduring partnerships which are outcomes-driven, providing value to all involved. Branko is also the Australian Information Security Association (AISA) Sydney Chair. AISA is a not-for-profit organisation with a membership of over 6000 security professionals nationally. Branko was the recipient of AISA's 2019 Branch Chair of the Year award. 

In addition, Branko is the co-founder of a healthcare startup, VAXXIN8, a digital platform whose mission is to protect healthcare workers from vaccination-preventable diseases. Branko is also a knowledgeable and engaging speaker on cybersecurity and business who has spoken at numerous events including IBM seminars and global vendor conferences, a cybersecurity advisor to boards, and a mentor to young and upcoming cyber professionals.

Michael Collins (GM Information Security, HESTA)
Michael Collins focused on establishing and promoting information risk management best practices, educating and empowering business partners, executives and board members to achieve the right balance between value creation and value protection.
He currently leads the information risk and cyber security strategy for HESTA, Australia's leading Health and Community sector industry superannuation fund with over 860,000 members and $50Bn funds under management.

Matt Mueller (CIO, Iluka Resources)
Matt Mueller is the CIO of Iluka Resources and a non-executive director of Curtin University, where he is a member of the Audit, Risk, Compliance committee of council. Matt’s experience spans technology, strategy, risk and governance, having advised boards and executive teams across Australia, Singapore and New Zealand on a range of matters in these areas.

Matt has held senior roles at Iluka, Origin Energy, EY and Western Power, has been involved in technology consulting at Deloitte, and led the technology advisory practice within a BRW Fast 100 company. Matt has also lectured at Curtin University on technology, spoken on high performance teams as part of the UWA MBA programme, been the MC for several Governance Institute of Australia conferences, and presented at various events across Australia and Singapore.

Neil Kenzler (CRO, Teachers Mutual Bank)
Neil Kenzler is the Chief Risk Officer of Teachers Mutual Bank Limited. Neil has extensive experience in banking and superannuation. He successfully met the requirements of the Open FAIR Certification for People program.
Although now retired from that role, Neil was the driving force behind creating a $30m Affordable Housing portfolio for low income workers in Sydney’s Inner West.

Participants will have the opportunity to ask questions. This webinar will be recorded and the recording will be made available to registrants.  


This webinar is free and only available to AISA Members. Please click on the registration link below:

Non AISA Members: If you would like to become an AISA member you can join here

For any queries regarding this event, please contact AISA Event & Sponsorship Manager, Susanna Palermo via email or visit our website

Date: Tuesday 24 November 2020

Time Zones:

  • 12:00pm - 1:00pm AEDT (Canberra, Hobart, Melbourne & Sydney)
  • 11:30am - 12:30pm ACDT (Adelaide)
  • 11:00am - 12:00pm AEST (Brisbane)
  • 9:00am - 10:00am AWST (Perth)

Participate in the webinar:

  • Once you have registered you will receive a confirmation email with the webinar registration link. Use this link and ensure you log on to the webinar at least 5 minutes prior to the start time
  • You will require a strong and stable internet connection
  • It is recommended you use a headset or headphones so you can hear the presentation
  • A recording of the live session will be available for registrants after the event


AISA has evaluated the use of Zoom based on the Traffic Light Protocol, which was created to facilitate greater information sharing. AISA webinars are considered TLP White as the information carries minimal or no foreseeable risk of misuse. In addition, AISA has evaluated the use of Zoom for this purpose as aligned to ACSC Web Conferencing Security, April 2020, and has implemented controls to minimise risks. You are required to register for the webinar via the Zoom platform. Please refer to the Zoom privacy policy.

11/24/2020 12:00 PM - 1:00 PM
AUS Eastern Standard Time
Online webinar