Implementing a Quantitative Cyber-Risk Framework: A FinSrv Case Study

Dr. Jack Freund, Director, Cyber Risk, TIAA This session will review the Cyber-Risk Framework implemented by TIAA that scales from the granular level up to business-level aggregate risk reporting, avoiding some typical pitfalls by avoiding being too narrow or broad. Included in this session will be discussions about policy, standards, configuration baselines, quantification, ORM/ERM risk reporting and project lifecycle engagement. Learning Objectives: 1: Sharing the successes and challenges of risk management tools and techniques. 2: Educating about the relationship between risk assessment and management action. 3: Equipping attendees with tools and techniques to take back and implement. https://www.rsaconference.com/videos/...

Join Today
Enterprise Risk Management, Cybersecurity Oversight and Cyber Risk's Future, with James Lam
▶︎

Enterprise Risk Management, Cybersecurity Oversight and Cyber Risk's Future, with James Lam

From SIEM to SOC: Crossing the Cybersecurity Chasm
▶︎

From SIEM to SOC: Crossing the Cybersecurity Chasm

Introduction with Risk Quantification and FAIR with Jack Jones
▶︎

Introduction with Risk Quantification and FAIR with Jack Jones

Nicholas Carlini - Black-hat LLMs | [un]prompted 2026
▶︎

Nicholas Carlini - Black-hat LLMs | [un]prompted 2026

"Unlock the Secret to Building the Perfect Risk Management Plan"
▶︎

"Unlock the Secret to Building the Perfect Risk Management Plan"

Conan O’Brien Delivers the Commencement Address | Harvard Commencement 2026
▶︎

Conan O’Brien Delivers the Commencement Address | Harvard Commencement 2026

Why Tabletop Exercises Make MSPs Indispensable to Their Clients
▶︎

Why Tabletop Exercises Make MSPs Indispensable to Their Clients

Insights from NSA’s Cybersecurity Threat Operations Center
▶︎

Insights from NSA’s Cybersecurity Threat Operations Center

How to Identify Key Risk Indicators (KRIs) for Cybersecurity with Marta Palanques, Steve Reznik, ADP
▶︎

How to Identify Key Risk Indicators (KRIs) for Cybersecurity with Marta Palanques, Steve Reznik, ADP

Why Israel is the World's Top Hacking Nation | VICE: Cyberwar | Blueprint
▶︎

Why Israel is the World's Top Hacking Nation | VICE: Cyberwar | Blueprint

A case study master class on Reporting Cyber Risk to the Board by Omar Khwaja
▶︎

A case study master class on Reporting Cyber Risk to the Board by Omar Khwaja

Cybersecurity Architecture: Response
▶︎

Cybersecurity Architecture: Response

Brian Tracy on Sales - Nordic Business Forum 2012
▶︎

Brian Tracy on Sales - Nordic Business Forum 2012

What You Need to Know about the Global Cybersecurity Regulatory Landscape
▶︎

What You Need to Know about the Global Cybersecurity Regulatory Landscape

Cybersecurity Trends in 2026: Shadow AI, Quantum & Deepfakes
▶︎

Cybersecurity Trends in 2026: Shadow AI, Quantum & Deepfakes

The 20 Critical Security Controls: From Framework to Operational to Implementation
▶︎

The 20 Critical Security Controls: From Framework to Operational to Implementation

Doug Hubbard: How to Measure Anything in Cybersecurity Risk
▶︎

Doug Hubbard: How to Measure Anything in Cybersecurity Risk

How to Make Sense of Cybersecurity Frameworks
▶︎

How to Make Sense of Cybersecurity Frameworks

AI Governance Strategy for CISOs: Managing Agentic Access at Scale
▶︎

AI Governance Strategy for CISOs: Managing Agentic Access at Scale

Inside the Mesh - Episode 2
▶︎

Inside the Mesh - Episode 2