Sikkerhetsfestivalen 2019
Where Norway gathers to talk about security

6 - Ryan Mattinson

The risk of risk management

 

Where?

Kulturhuset Banken/Festsalen

When?

Tuesday, 09:00-09:30


 

Ryan Mattinson, Nagarro

About the talk

Infosec professionals generally agree that security investments should be prioritized based on risk, so why are we so bad at measuring and communicating risk? In this talk we will examine the most widely used assessment methods and “conventional wisdom” in cyber and information security risk to separate the convention from the wisdom. Using examples from established fields with more mature risk management, such as medicine, engineering and defense, and highlights of more than 50 years of research across disciplines, we will discuss which methods lead to better decisions and which methods actually obscure information while providing the illusion of communication. By the end of this talk, attendees will have a grasp of which methodologies are proven to lead to better business decisions and why this is the case, and will hear how one Norwegian organisation went from a coloured matrix to measuring risk in terms of expected loss and return on security investment in NOK.

About the speaker
