This two-hour workshop will demonstrate how to conduct a risk assessment – from beginning to end – using CIS’ new risk assessment method. A brief introduction to CIS RAM’s foundations will be followed by example walk-throughs of developing criteria for assessing and accepting risk, for evaluating current controls for risk acceptability, and for modeling safeguards that are demonstrably reasonable and appropriate.
When: December 10, 2018. 10:00 AM – 12:00 PM Eastern
RSVP at cisram@halock.com
Chris Cronin, Partner – HALOCK Security Labs
Chris Cronin is the Principal Author of CIS RAM (Center for Internet Security Risk Assessment Method). Chris has acted as expert witness and has conducted risk assessments to support regulatory compliance, incident response planning, regulatory oversight, and ISO 27001 certification. Chris’ background as a technologist, business manager, and legal historian has provided his clients practical and balanced risk management programs.
Key Points:
While CIS RAM is a new risk assessment method, it is based on well-established legal principles for reasonableness and information security standards for analyzing risk. However, the new method and the DoCRA Standard on which it is based do challenge the public to think differently about risk. Common challenges for new users include how to:
• Define risk assessment criteria so they allow for comparison, reflect the organization’s values, and will hold up to public scrutiny.
• Model and select threats that are relevant to information assets and controls.
• Estimate the likelihood of risks.
• Determine when controls pose too great a burden on the organization.
• Select alternative controls that can reasonably address risks.
The CIS RAM workshop will demonstrate how organizations would use CIS RAM’s instructions and templates to succeed at these tasks.