Implementing a Quantitative Cyber-Risk Framework: A FinSrv Case Study

Posted on in Presentations

This session will review the Cyber-Risk Framework implemented by TIAA that scales from the granular level up to business-level aggregate risk reporting, avoiding some typical pitfalls by avoiding being too narrow or broad. Included in this session will be discussions about policy, standards, configuration baselines, quantification, ORM/ERM risk reporting and project lifecycle engagement.

Learning Objectives:
1: Sharing the successes and challenges of risk management tools and techniques.
2: Educating about the relationship between risk assessment and management action.
3: Equipping attendees with tools and techniques to take back and implement.

Jack Freund


Head of Cyber Risk Methodology, Visible Risk (Moody's/Team8 JV)

Security Strategy & Architecture

risk management governance risk & compliance



Share With Your Community