AISA Webinar: Determining IT crown jewels from risk appetite

Hosted by the AISA Sydney Branch. Please join us for an online presentation on informing cyber security management from risk appetite statement with Denny Wan, FAIR Institute Sydney Chapter, and a panel discussion with Roderick Brown, Digital NSW; Michael Collins, HESTA; Murray Goldschmidt, CyberCX; Branko Ninkovic, Dragonfly Technologies; and David Tattam, Protecht Group, on the hierarchy of risk appetite thresholds, supported by a transparent risk quantification methodology, to identify crown jewels.

Topic: Determining IT crown jewels from risk appetite

Presentation 1: Informing cyber security management from risk appetite statement
In his presentation, Denny will explain how to maximise the consumption of “good risk” to optimise the delivery of the enterprise mission, beyond reducing risk. This paradigm shift is the result of the pivot from compliance to risk-based management of cyber security. This approach demands a better understanding of how the risk appetite statement is applied to inform decision making. The recently released NISTIR 8286 is a blueprint for this approach: it integrates cybersecurity and enterprise risk management by applying the risk appetite statement. An important step in this approach is to calculate the decision thresholds informed by the risk appetite statement by applying the FAIR framework to quantify cybersecurity risk in dollars.

Presentation 2: Panel discussion
The IT crown jewels are the most valuable or operationally vital systems or information in the organisation. The NSW Government Cyber Security Policy mandates that agencies report their “crown jewels” annually to their cluster CISO, or Cyber Security NSW. This includes software, hardware, communications and networks and, for the first time, industrial and automation control systems or operational technology and the internet of things. The organisation’s risk appetite is a robust framework for identifying crown jewels. The panel will be moderated by Kerry McGoldrick, ShineWing Australia.

Join this webinar to hear from our expert speakers and participate in the discussion to learn more about determining the IT crown jewels from risk appetite. 

Participants will have the opportunity to ask questions. This webinar will be recorded and the recording will be made available to registrants.

Speakers:
Denny Wan - Founder and co-chair at FAIR Institute Sydney Chapter

Denny is a thought leader in applying cyber risk quantification and the NIST-endorsed Open Group FAIR framework. He is a strong communicator and community builder who founded the FAIR Institute Sydney Chapter, which has a rapidly growing membership. His recent article "Targeting cyber security investment – the FAIR approach" is a practical guide for prioritising cyber security investments. His latest article "Building an APRA CPS 234 compliance template" explains how to quantify risk appetite and risk tolerance to identify the boundaries for GOOD risks, to improve competitiveness and profitability.

Roderick Brown - Manager, Policy Development and Coordination, Department of Customer Service at Digital NSW
Roderick is an experienced Strategic and Regulatory Policy Advisor with a demonstrated history of working in challenging Federal and State government roles. He is strong in Critical Analysis, Government, Communication, Relationship Building, and International Relations. He is a strong community and social services professional with a Masters in Strategy and Policy from University of New South Wales / ADFA.

Michael Collins - General Manager Information Security at HESTA
Michael is a strong leader who drives positive cultural change and delivers effective digital transformation initiatives that benefit teams through increased engagement and productivity. He delivers new technology solutions and platforms by explaining the benefits they bring to business objectives. He is highly analytical and combines strong critical thinking and problem-solving abilities with his commercial skills to analyse current ways of working and determine opportunities for operational efficiencies.

Murray Goldschmidt - Executive Director – Cyber Capability, Education & Training at CyberCX
Murray is a Cyber Security Expert, having worked in the field of Information Security and Risk Management for over 20 years. He is a passionate contributor to the development of the information security industry. He is the co-founder and Chief Operating Officer at Sense of Security, and an Executive Director of CyberCX. He is frequently invited to present on security topics at conferences, workgroups and seminars.

Branko Ninkovic - Founder & Executive Director at Dragonfly Technologies
Branko is the founder of Dragonfly Technologies, a thriving cyber security practice servicing Australia's most security-conscious ASX-listed organisations. Dragonfly helps clients in areas such as Health Care, Federal Law Enforcement, Retailing, Banking, Finance and Taxation. Branko has over 20 years' experience specialising in cyber security. Over this time, Dragonfly has worked with many well-known and trusted brands to build their cyber defences to protect, detect and respond to data breaches.

David Tattam - Chief of Research, Knowledge and Consulting at The Protecht Group
David thrives in spreading the word that risk management is an opportunity. Risk is “good” and has the potential to transform the way organisations do business. David is a highly experienced risk management practitioner with a primary focus in Enterprise Risk Management and Operational Risk Management. He is the founder, and current Director of Research and Training at The Protecht Group, a global company headquartered in Sydney, Australia, focused on delivering risk management software, training, advisory and consulting to a wide client base including financial services, retail, transport, entertainment and government.

Panel Moderator: Kerry McGoldrick - Partner at ShineWing Australia
Kerry has deep industry and advisory experience across the commercial and public sectors. He works closely with clients to transform their approach by aligning practices and performance with the organisation’s strategy and desired culture to deliver tangible outcomes. He is a skilled facilitator who understands the art and science of risk management. He brings hands-on experience in assisting senior executive teams and boards to achieve their objectives.

Register:

This webinar is free and only available to AISA Members. Please click on the registration link below:
https://us02web.zoom.us/webinar/register/WN_0PoMzYRoQMuLjNgWTMVVtQ

Non AISA Members: If you would like to become an AISA member you can join here

For any queries regarding this event, please contact AISA Event & Sponsorship Manager, Susanna Palermo via email [email protected] or visit our website www.aisa.org.au

Date: Thursday 26 August 2021

Time Zones:

  • 12:00pm - 1:00pm AEST (Brisbane, Canberra, Melbourne, Sydney & Hobart)
  • 11:30am - 12:30pm ACST (Adelaide & Darwin)
  • 10:00am - 11:00am AWST (Perth) 


Participate in the webinar:

  • Please note that you will need to register in Zoom and provide a valid email, so that you can receive the unique registration link to log into the webinar
  • Use this link and ensure you log on to the webinar at least 5 minutes prior to the start time
  • You will require a strong and stable internet connection
  • It is recommended you use a headset or headphones so you can hear the presentation
  • A recording of the live session will be available for registrants after the event

Disclaimer:

AISA presentations are intended for educational purposes only. Statements of fact and opinions expressed are those of the participants individually and, unless expressly stated to the contrary, are not the opinion or position of AISA, its sponsors, or its partners. AISA does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented. Attendees should note that sessions may be recorded and published in various media, including print, audio and video formats without further notice.

AISA has evaluated the use of Zoom based on the Traffic Light Protocol, which was facilitated for greater information sharing. AISA webinars are considered TLP White as the information contains minimal or no foreseeable risk of misuse. In addition, AISA has evaluated the use of Zoom for this purpose as aligned to ACSC Web Conferencing Security, April 2020 (see https://www.cyber.gov.au/publications/web-conferencing-security) and has implemented controls to minimise risks. You are required to register for the webinar via the Zoom platform. Please refer to the Zoom privacy policy here - https://zoom.us/privacy

When
26/08/2021 12:00 PM - 1:00 PM
AUS Eastern Standard Time
Where
Online webinar