Mastering Cyber Risk - Hands-On Experience with Industry-Leading Tools
Elevate Your Cyber Risk Management with CRQ Essentials
Trainers: Michal Hanus, Cyber Security Consultant, and Jan Kepic
Duration: 8 hours (including Lunch and 2x Coffee Breaks)
Training language: English
Number of attendees: max 25 persons
Training Description:
Embark on a journey to cybersecurity excellence with our Cyber Risk Quantification (CRQ) workshop. This is your opportunity to perfect practical CRQ skills under the guidance of seasoned expert Mgr. Michal Hanus, Ph.D. Join us at the Qubit Conference® in Prague to transform theoretical knowledge into actionable expertise, quantify cyber risks, and plan countermeasures effectively, elevating your risk management strategy from questionable to quantifiable!
P1: A Dive into Traditional Methods
(“A problem well stated is a problem half solved.” – Charles Kettering)
Dive into the heart of cyber risk management and uncover the pitfalls of popular qualitative risk analysis. Learn why the conventional Risk = Threat x Vulnerability x Impact model, paired with the deceptive simplicity of risk matrices, fails to deliver. Discover how slight enhancements like Cyber Risk Quantification (CRQ) can revolutionize the process, turning cyber risk management into a valuable asset for your business.
P2: Redefining Risk Models for Practical Insights
(“All models are wrong, but some are useful.” – George Box)
Break away from the flawed qualitative mantra and embrace the scientific estimates and calculations that factor in the actual influence of threats and vulnerabilities in a robust scenario-specific risk model.
P3: Beyond One-Size-Fits-All: The Art of Precision and Accuracy in Risk Analysis
(“The flaw of averages.” – Sam Savage)
Discover the limitations of the discrete quantitative analysis prescribed by ISO standards, and learn why a single number cannot dictate your risk strategy.
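The "flaw of averages" is easiest to see on a small simulation. The block below is an added illustration, not material from the workshop or its trainers: it contrasts a single-number annual loss estimate (mean frequency times the midpoint of a loss interval) with a Monte Carlo annual loss distribution built from a Poisson incident frequency and a lognormal loss-per-incident fitted to a calibrated 90% interval. All numbers (2 incidents per year, a 20k to 2M loss interval, a 5M tolerance) are constructed for the example.

```python
import math
import random
import statistics

# Constructed, hypothetical inputs (not taken from the workshop):
#   - incident frequency: Poisson, mean 2 qualifying incidents per year
#   - loss per incident: lognormal, from a calibrated 90% interval of 20k..2M
FREQ_MEAN = 2.0
LOSS_LOW_90 = 20_000.0
LOSS_HIGH_90 = 2_000_000.0
Z_90 = 1.6449  # standard-normal score bounding a two-sided 90% interval


def lognormal_from_interval(low, high, z=Z_90):
    """Turn a 90% interval (low, high) into lognormal mu and sigma."""
    mu = (math.log(low) + math.log(high)) / 2.0
    sigma = (math.log(high) - math.log(low)) / (2.0 * z)
    return mu, sigma


def single_number_estimate(freq_mean, low, high):
    """The 'one number' approach: mean frequency times the interval midpoint."""
    return freq_mean * (low + high) / 2.0


def poisson(rng, lam):
    """Knuth's Poisson sampler; fine for the small means used in risk scenarios."""
    threshold = math.exp(-lam)
    k, p = 0, 1.0
    while True:
        p *= rng.random()
        if p < threshold:
            return k
        k += 1


def simulate_annual_losses(freq_mean, low, high, trials=20_000, seed=7):
    """Monte Carlo: each trial is one simulated year; sum the losses of that year's incidents."""
    rng = random.Random(seed)
    mu, sigma = lognormal_from_interval(low, high)
    totals = []
    for _ in range(trials):
        n = poisson(rng, freq_mean)
        totals.append(sum(rng.lognormvariate(mu, sigma) for _ in range(n)))
    return totals


def summarize(losses, tolerance):
    """Mean, median, 95th percentile and the chance of exceeding a loss tolerance."""
    ordered = sorted(losses)
    p95 = ordered[int(0.95 * len(ordered))]
    return {
        "mean": statistics.fmean(ordered),
        "median": statistics.median(ordered),
        "p95": p95,
        "p_exceed_tolerance": sum(1 for x in ordered if x > tolerance) / len(ordered),
    }


if __name__ == "__main__":
    point = single_number_estimate(FREQ_MEAN, LOSS_LOW_90, LOSS_HIGH_90)
    summary = summarize(simulate_annual_losses(FREQ_MEAN, LOSS_LOW_90, LOSS_HIGH_90),
                        tolerance=5_000_000.0)
    print(f"single-number estimate: {point:,.0f}")
    for key, value in summary.items():
        print(f"{key:>20}: {value:,.3f}")
```

The single number (2,020,000 here) lands far from both the median year and the 95th-percentile year; the distribution, not the average, is what a loss tolerance has to be compared against.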
P4: Bridging the Gap Between Theory and Real-World Application
(“In theory, theory and practice are the same. In practice, they are not.” – Benjamin Brewster)
Through practical workshops featuring real-world case studies, we showcase the comparative complexity of quantitative cyber risk analysis (CRQ) against current, completely inaccurate methods. You'll master selecting and calibrating experts and leveraging their estimates to gauge inherent risks, measure mitigation effectiveness, and calculate residual risks.
P5: Correlation Is Not Causation: Moving Bottom-Up with Confidence
(“Risk comes from not knowing what you’re doing.” – Warren Buffett)
The overview from Part 4 is supported here by a deep dive into actual scenarios from the energy sector's critical infrastructure. Employing event and fault trees, we provide formal event tree analysis (ETA) and fault tree analysis (FTA), reinforcing the insights gained and ensuring a comprehensive understanding of the risks.
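To make the ETA/FTA mechanics concrete, here is an added example that is not part of the workshop material: a small fault tree evaluator (top-event probability under independence plus minimal cut sets) and an event tree expander that walks every success/failure path through a sequence of barriers after an initiating event. The tree, the barrier names and every probability are constructed for illustration and stand for control failures, not for any real installation.

```python
import math
from dataclasses import dataclass
from itertools import product
from typing import List, Tuple, Union

# --- Fault tree analysis (FTA) ------------------------------------------------


@dataclass(frozen=True)
class Basic:
    """A basic event and its probability of occurring in the analysis period."""
    name: str
    p: float


@dataclass(frozen=True)
class Gate:
    """A logic gate: 'AND' (all inputs must occur) or 'OR' (any input suffices)."""
    kind: str
    inputs: tuple


Node = Union[Basic, Gate]


def top_event_probability(node: Node) -> float:
    """Exact top-event probability, assuming independent basic events."""
    if isinstance(node, Basic):
        return node.p
    ps = [top_event_probability(i) for i in node.inputs]
    if node.kind == "AND":
        return math.prod(ps)
    if node.kind == "OR":
        return 1.0 - math.prod(1.0 - q for q in ps)
    raise ValueError(f"unknown gate kind {node.kind!r}")


def minimal_cut_sets(node: Node) -> List[frozenset]:
    """Minimal sets of basic events whose joint occurrence triggers the top event."""
    if isinstance(node, Basic):
        return [frozenset([node.name])]
    child_sets = [minimal_cut_sets(i) for i in node.inputs]
    if node.kind == "OR":
        candidates = [s for group in child_sets for s in group]
    else:  # AND: merge one cut set from every input
        candidates = [frozenset().union(*combo) for combo in product(*child_sets)]
    unique = set(candidates)
    minimal = [s for s in unique if not any(other < s for other in unique)]
    return sorted(minimal, key=lambda s: (len(s), sorted(s)))


# --- Event tree analysis (ETA) ------------------------------------------------


def event_tree(initiator_per_year: float, barriers: List[Tuple[str, float]]) -> List[dict]:
    """Expand every hold/fail path through the barriers challenged by an initiating event.

    barriers: (name, probability the barrier holds), in the order they are challenged.
    Returns one record per path: which barriers failed and the path's annual frequency.
    """
    paths = []
    for outcome in product((True, False), repeat=len(barriers)):
        freq = initiator_per_year
        failed = []
        for (name, p_hold), held in zip(barriers, outcome):
            freq *= p_hold if held else (1.0 - p_hold)
            if not held:
                failed.append(name)
        paths.append({"failed": tuple(failed), "per_year": freq})
    return paths


def worst_case_frequency(paths: List[dict]) -> float:
    """Annual frequency of the path on which every barrier failed."""
    return max(paths, key=lambda r: len(r["failed"]))["per_year"]


# --- Constructed example (hypothetical numbers, not from the workshop) ---------

REMOTE_ACCESS_TREE = Gate("OR", (
    Gate("AND", (Basic("credential_phished", 0.30), Basic("mfa_not_enforced", 0.20))),
    Gate("AND", (Basic("remote_gateway_unpatched", 0.50),
                 Basic("remote_gateway_internet_exposed", 0.10))),
))

BARRIERS = [("intrusion_detected_early", 0.90), ("ot_network_segmented", 0.80)]

if __name__ == "__main__":
    print("top-event probability:", round(top_event_probability(REMOTE_ACCESS_TREE), 4))
    print("minimal cut sets:", [sorted(s) for s in minimal_cut_sets(REMOTE_ACCESS_TREE)])
    for record in event_tree(2.0, BARRIERS):
        print(record)
```

Reading the two halves together: the fault tree yields the probability that the initiating event occurs at all (and the cut sets show which control combinations to prioritise), while the event tree turns an initiator frequency into per-consequence frequencies; the worst-case path is the one where every barrier fails.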
P6: Steer Clear of Spreadsheet Pitfalls – Embrace Sophisticated Solutions
(“Avoid spreadsheet misery; the price of using cheap spreadsheets is too high.” – Robert Brown)
We discuss the dangers of relying on complex spreadsheets for risk analysis and demonstrate how to integrate sophisticated CRQ estimates into a corporate GRC tool effectively.
Prerequisites:
- Participants should have some knowledge (an introductory college course) of statistics and probability and be able to apply their math skills at an intermediate (high-school) level.
- Participants should have advanced skills in MS Excel.
- Participants should have some knowledge of the principles and terminology used in Cybersecurity.
- Participants should know principles, concepts, and standard building blocks in a contemporary corporate ICT environment.
- Participants should have an advanced understanding of corporate risks, their life cycle in the corporate processes and tools, and general principles of corporate risk management.
For whom is the training intended?
Mid-level IT Managers and C-level Executives (e.g., CEO, CFO, COO, CIO, CCO, Head of Internal Audit, Head of Compliance, Corporate Risk Manager, IT Infrastructure Manager), Security and Privacy Managers (e.g., CISO, DPO), Cybersecurity, data protection, or compliance specialists (e.g., Security Analyst, Risk Analyst, Compliance Coordinator).