Organizations have sophisticated models for assessing many types of risk that face their organization, including property damage, injury compensation, and the risk of product failure. In cyber however, organizations often resort to 'red, yellow, green' assessments instead of using data driven methods. This talk presents a case study from a large organization showing how historical incident data can be used to quantify cyber risk and return on security investment for different safeguards.
In this webinar, we describe how to:
Dr. Marshall Kuypers is the Director of Cyber Risk at Expanse, an SF-based startup. He received his doctorate from Stanford, focusing on data-driven methods for quantifying cyber risk. Marshall was a fellow at the Center for International Security and Cooperation (CISAC) from 2014-2016 where he worked on projects ranging from policy to technical matters in computer security. Marshall has also modeled cyber risk for the Jet Propulsion Lab, and assessed supply chain risk in cyber systems with Sandia National Labs.