Cyber Risk Management Starts with Risk Quantification – Padraic O’Reilly – BSW #332
1. Cyber Risk Management Starts with Risk Quantification – Padraic O’Reilly – BSW #332
Cyber has been an historically hermetic practice. A dark art. Full of mysteries and presided over by magicians both good and bad. This is a bit of an exaggeration, yet there is some truth to it. Many in our industry knew that the SEC was evaluating the role that cyber risk management and incident disclosure play in the pricing mechanism for an equity. Many of the participants in GRC, IRM, and Cyber Risk anticipated this before the SEC had even proposed such rules. Boards, C-Suites, and Information security teams within publicly traded companies brought it up occasionally in the year preceding its adoption. Lawyers on K Street actively advocated in the press against enacting such rules, and there is still a hearty back and forth concerning the merits of SEC involvement in cyber risk. But more transparency is a very welcome development. For investors, it’s essential.
Industry veterans say that this development hearkens back to Sarbanes-Oxley, which had very big implications for Governance, Risk, and Compliance. This is likely cyber risk’s SOX moment, and the drop date is December 15th of this year on all 10-K filings. The SEC will not look kindly upon boilerplate disclosures, particularly if a cyber attack with significant losses occurs. So where do you start?
This segment is sponsored by CyberSaint. Visit https://securityweekly.com/cybersaint to learn more about them!
Guest
Padraic O’Reilly is Chief Product Officer and Co-Founder at CyberSaint, where he leads product innovation and development. His experience as a Harvard-trained economist, IT risk and compliance consultant, and his rapid exposure to Cybersecurity led him to seek out CISOs, CIOs, and Boards of Directors at global organizations to pursue the answer to the question – how can cyber be managed, measured, and understood like any other business function? Padraic’s current activity spans working directly with organizations from public agencies to private companies across the globe to understand how to measure cyber risk, especially amidst the global pandemic which is fueling massive digital transformation projects around the world. Padraic was a key member of the group providing feedback on the NIST Cybersecurity Framework during its development, and is an expert in regulatory standards both in security and privacy, including the NIST Risk Management and NIST Privacy Frameworks. An expert in Artificial Intelligence (AI) and economic modeling, Padraic works with members of the Global 500 to research and deploy risk quantification, risk intelligence gathering, and risk reporting and communication strategies. Padraic also holds a patent entitled, “System And Method for Monitoring And Grading A Cybersecurity Framework” which has inspired much of his work on cohesive IT and cyber risk management approaches.
2. Effective Security Strategy, Overlooked Leadership Attributes, and Fun Icebreakers – BSW #332
In the leadership and communications section, Building an Effective Information Security Strategy, What Makes a Company Great at Producing Leaders?, 80 Fun Meeting Icebreakers Your Team Will Love, and more!
- 1. Cybersecurity Regulation Overview
In addition to the evolving cyber threat landscape, boards are also facing a more complex regulatory environment. The U.S. Securities and Exchange Commission (SEC) has adopted new cybersecurity rules that will take effect on December 15, 2023. These rules primarily target publicly listed companies, but they also apply to some private companies and should be on the radar of all organizations.
- 2. Building an Effective Information Security Strategy
Adopt the best practices for establishing and improving your security program using effective strategy planning.
- 3. Exploring Often Overlooked Leadership Attributes
When it comes to leadership, there are certain qualities that are often emphasized, such as charisma, decisiveness, and vision. While these traits are certainly important, there are other, more underrated qualities that are just as crucial for effective leadership.
- 4. What Makes a Company Great at Producing Leaders?
GE is well known as an “academy company” — a talent incubator that exports effective leaders to other organizations and even industries. To better understand which companies are top talent incubators today, the authors worked with the Official Board, a firm that provides data on corporate organizational charts and executive movement, to survey 853 executives and interview executive search consultants. They identified four qualities that set these companies apart: 1) They take a strategic approach to attracting, developing, and retaining talent; 2) They heavily invest in training and development; 3) They have strong cultures and internal operations; and 4) They’re respected in the broader environment.
- 5. 80 Fun Meeting Icebreakers Your Team Will Love in 2023
When most people hear the word “icebreaker,” they think of boring, silly, or awkward. In this post, I want to share 80 meeting icebreakers that are:
- fun
- quick-bonding
- easy to do
- 6. 10 Life-Changing Steps to Become the Best Version of Yourself
Here are 10 steps to teach you how to be the best:
- Step #1: Know Your Purpose
- Step #2: Embrace Fear of Failure
- Step #3: Control Your Mind
- Step #4: Harness Your Systems
- Step #5: Expect Luck
- Step #6: Assimilate Your Expectations
- Step #7: Avoid Mental Handicapping
- Step #8: Hustle, Don’t Excuse
- Step #9: Be Great, Not Perfect
- Step #10: Reframe Your Competition