
Measuring Risk Using the Open, Collective Risk Model (CRM) 

  • Thursday, June 10, 2021 at 1:00 PM EDT (2021-06-10 17:00:00 UTC)
  • James Tarala


Overview

For many years the cybersecurity community has wrestled with effective methods for governing a cybersecurity program in light of an ever-changing threat landscape. Most risk management methodologies have been primarily academic and, as a result, inaccessible to the average CISO, engineer, or auditor. The result often feels as if defensive control selection is more like throwing darts at a board than the result of thoughtful modeling. Add to this that organizations that have had success tend to keep their secret methods close, and vendors want to charge for their secret sauce, and the average security practitioner is left feeling confused and frustrated.

In this presentation, James Tarala, of SANS Institute and Enclave Security, will teach participants a practical methodology for governing and managing risk using a free and community-driven risk model called the Collective Risk Model (CRM). After years of frustration, a large group of community volunteers banded together to create a new model for managing risk that would be accessible to cyber security professionals at all levels. This included a common library of defensive cyber security controls mapped against guidance from the Center for Internet Safety, NIST, ISO, PCI, and many other standards bodies. In addition, this library of defenses has been prioritized and tagged to make it easier for cyber security professionals to immediately use these free resources.

The cyber security community should be working together to make the world's data more secure and trustworthy. In this presentation, attendees will see results of the community banding together to create a common set of tools that anyone can use to better defend their organization. The processes laid out here help define how any control library, including the CIS Controls v8, is selected, and are foundational to understanding control selection in general. Attendees will walk away with a better understanding of a model that can be used and specific tools that can be put into practice immediately after the presentation to help their organization defend its information systems, prioritize its cyber security activities and resources, and better present risk to leadership and key business stakeholders.

Speaker Bio

James Tarala

James Tarala is a principal consultant with Enclave Security based out of Venice, Florida, and a SANS Senior Instructor. As a consultant, he has spent the past several years designing large enterprise security and infrastructure architectures, helping organizations to perform security assessments, and communicating enterprise risk to senior leadership teams. He is the author and an instructor for SEC566: Implementing and Auditing the Critical Security Controls, SEC440: Critical Security Controls: Planning, Implementing, and Auditing, and a co-author and instructor for MGT415: A Practical Introduction to Cyber Security Risk Management.
