ISACA San Diego Special Presentation: The Hidden Vulnerability - A New Way to Solve the Third-Party Breach Puzzle

Despite our best efforts to vet third parties individually, third-party data breaches still occur. Current third-party risk assessments focus solely on third parties in isolation, leaving an unexamined, cumulative, residual risk of data breach building with each third party. It is time to unveil this cumulative risk by using a clear, simple and data-driven strategy that’s built to predict and prevent.

Join us in a virtual workshop where we’ll introduce you to a breakthrough formula to predict the expected frequency of such third-party data breaches. The workshop is centered around a new white paper that elevates third-party risk management from compliance checkbox to a proactive strategy for risk mitigation. This new formula has been validated using real-world breach data and can be operationalized to protect revenue streams, strengthen business continuity, and, most importantly, move the needle on real risk reduction. We will also introduce a new concept for vendor management, Cumulative Risk Budgeting, which is a method for allocating risk to different categories of third parties based on breach probability and data sensitivity.

Takeaways include:

  • How to perform a simple calculation to determine expected breach frequency.

  • A user-friendly template to assist in calculating breach frequency for your own organization.

  • How to explain the basis of the calculation.

  • How to communicate the results to business leaders.

  • And a white paper to reference and share.

Whether you are a CISO, CIO, COO, Risk Director, Analyst, Auditor, Regulator or Compliance leader, this session will equip you with a practical tool to make informed, faster and more defensible decisions in a massively outsourced third-party universe.

SPEAKERS:

  • Dr. Thomas Lee is the CEO of VivoSecurity, a Silicon Valley-based company focused on data collection, regression modeling and machine learning, to bring predictability to the randomness of data breach. Thomas has more than 30 years of experience finding “signal in noise” for industrial engineering, business and medicine, using digital signal processing, digital image processing, pattern matching in Fourier space, regression analysis, singular value decomposition, and machine learning. In cybersecurity, Thomas has developed models to forecast online banking fraud, probability for PII data breach, probability for lawsuits and costs in the event of a PII data breach. Thomas has given many talks on a science-based approach to security, including to ISACA, ISC2 and ISSA chapters, and Black Hat (SecTor) Canada.

    Thomas holds BS degrees in Physics and Electrical Engineering from the University of Washington, and a PhD in Biophysics from the University of Chicago.
    Dr Thomas Lee: https://www.linkedin.com/in/thomas-lee-phd-b7766b10/

  • Patricia Drooff - Patricia is an InfoSec and GRC leader with rare expertise in applying probability theory and regression modeling to the management of third-party data breach risk. She is skilled in architecting and maturing risk management and GRC programs in industries including healthcare, global marketing, SaaS, nuclear research and power generation.

    Patricia holds a BA in Biology with a concentration in Chemistry from Regis College and an MS in Health Physics from The University of Massachusetts.
    Patricia Drooff: https://www.linkedin.com/in/patriciadrooff

  • Timothy Smith - Tim is retired after 20 years with KPMG LLP and KPMG International. His most recent role was in product development of the data management component of KPMG’s audit software, KPMG Clara. He previously led the IT Audit practice for KPMG’s San Diego office and also served as IT Audit Manager at LPL Financial, the nation’s largest independent broker-dealer.

    Tim is a California-licensed CPA, a Certified Information Systems Auditor (CISA) and a Certified Information Technology Professional (CITP). He received a BA in Chinese from UCLA and had an earlier career as a translator.
    Tim Smith: https://linkedin.com/in/timothyksmith