Defining a Cyber-Risk Appetite That Works


Many organizations have defined a risk appetite; however, very few of these definitions are actually useful. For the most part they boil down to nothing more specific than “medium-low,” and they rarely play a meaningful role in decision-making. In this session, Jack Jones will share a simple process for defining an unambiguous cyber-risk appetite that can drive better decision-making.

Learning Objectives:
1: Recognize the limitations of common risk appetite definitions.
2: Understand the various value propositions that come from a clearly defined risk appetite.
3: Learn how to apply the principles and methods shared to define a risk appetite that works.

Attendees should understand the principles and intent of risk appetite definitions, KRIs, KPIs and risk measurement.

Jack Jones
Chairman, FAIR Institute

Business Perspectives

risk management, metrics, governance risk & compliance


