This session will review the Cyber-Risk Framework implemented by TIAA that scales from the granular level up to business-level aggregate risk reporting, avoiding some typical pitfalls by avoiding being too narrow or broad. Included in this session will be discussions about policy, standards, configuration baselines, quantification, ORM/ERM risk reporting and project lifecycle engagement.
Learning Objectives: 1: Sharing the successes and challenges of risk management tools and techniques. 2: Educating about the relationship between risk assessment and management action. 3: Equipping attendees with tools and techniques to take back and implement.