Join us on Tuesday, June 21, 2022 at 1:00 PM ET for the CIS RAM v2.1 workshop. HALOCK partner Chris Cronin will be presenting the latest release which includes Implementation Group 3 (IG3).
CIS RAM v2.1 (Center for Internet Security® Risk Assessment Method) is a free information risk assessment method designed to help justify investments for reasonable implementation of the CIS Critical Security Controls (CIS Controls). It provides step-by-step instructions, examples, templates, and exercises for conducting risk assessments so that they meet the requirements of established information security risk assessment standards, legal authorities, and regulators.
CIS developed CIS RAM v2.1 through an ongoing partnership with HALOCK Security Labs. HALOCK and CIS first collaborated to bring the methods to the public as CIS RAM v1.0 in 2018. Since then, HALOCK had been providing CIS RAM methods with a positive response from legal authorities, regulators, attorneys, business executives, and technical leaders.
CIS is a founding member of The DoCRA Council, an organizations which maintains the risk analysis standard that CIS RAM v1.0 is built upon.
What attendees will learn in this webinar:
- An overview of how to conduct a risk assessment using CIS RAM v2.1 for IG3
- A step-by-step tutorial of the activities an IG3 enterprise will take to conduct a risk assessment using CIS RAM v2.1, including:
- How to complete the Impact Criteria Survey
- Defining Impact Areas (Mission, Operational Objectives, Financial Objectives, Obligations)
- Defining Impact Magnitudes (Negligible, Acceptable, Unacceptable, High, Catastrophic)
- How to complete the Enterprise Parameters
- Defining criteria for Impact, Expectancy, and Risk Acceptance
- How to complete a Risk Register
- Identifying and evaluating risks using the CIS Controls
- Understanding Risk Treatment to reduce risks to an acceptable level
- How you can apply both a quantitative and qualitative approach to a CIS RAM risk assessment
- How the Center for Internet Security’s Community Defense Model (CDM) v2.0 was integrated into CIS RAM 2.1 for IG3 to assist in threat modeling
PRESENTER: Chris Cronin is a partner at HALOCK Security Labs and Chair of the DoCRA Council. He is the principal author of the DoCRA Standard and CIS RAM, Center for Internet Security’s Risk Assessment Method. Chris’ clients include Fortune 100 companies, large- and mid-sized organizations, start-ups, litigators, and regulators. Since 2010, Chris has helped his clients manage their information security risks to an evidence-based, reasonable level. Chris’ work as an expert witness has helped his clients, regulators, and litigators evaluate the reasonableness of security controls and programs during regulatory oversight or post-breach legal action. Chris is a frequent speaker and cybersecurity writer. He collaborates with peers in industry collaboratives and think tanks, including Sedona Conference, to help bring equity and due care to cybersecurity and risk management.