Defining a Cyber-Risk Appetite That Works (Repeat)

Posted on in Presentations

Many organizations have defined a risk appetite; however very few of these definitions are actually useful. For the most part they boil down to nothing more specific than “medium-low” and they rarely play a meaningful role in decision-making. In this session, Jack Jones will share a simple process for defining an unambiguous cyber-risk appetite that can drive better decision-making.

Learning Objectives:
1: Recognize the limitations of common risk appetite definitions.
2: Understand the various value propositions that come from a clearly defined risk appetite.
3: Learn how to apply the principles and methods shared to define a risk appetite that works.

Attendees should understand the principles and intent of risk appetite definitions, KRIs, KPIs and risk measurement.

Business Perspectives

risk management metrics governance risk & compliance



Share With Your Community