Download pdf
This session will review the Cyber-Risk Framework implemented by TIAA that scales from the granular level up to business-level aggregate risk reporting, avoiding some typical pitfalls by avoiding being too narrow or broad. Included in this session will be discussions about policy, standards, configuration baselines, quantification, ORM/ERM risk reporting and project lifecycle engagement.

Learning Objectives:
1: Sharing the successes and challenges of risk management tools and techniques.
2: Educating about the relationship between risk assessment and management action.
3: Equipping attendees with tools and techniques to take back and implement.