Welcome to Diana Initiative 2020 Virtual Conference.
For more information, please see our web site here :
Back To Schedule
Saturday, August 22 • 2:00pm - 2:30pm
Cyber Performance and Risk Quantification: Enabling Security Decision Makers

Log in to save this to your schedule, view media, leave feedback and see who's attending!

Cyber risk has graduated from a being a non-traditional risk to a mainstream risk that underpins major organizational capabilities. Security personnel – spread across the spectrum from operations to the echelons at the C-suite are faced with the juxtaposition of risk and reward in a technology enabled world.
In this talk we explore, what makes the task of taking prudent decisions to secure technology and reduce cyber risk arduous. We also discuss the need to diversify cognitive intellect (gender, race, culture etc.) that drives cyber risk mitigation and how effective quantification techniques can strengthen decision making in the security realm.
Elemental and strategic decisions are often taken based on experience and not quantitative data-driven analysis. In instances where decisions are taken to proactively mitigate risk, it is often inevitable to reflect and wonder if resources were overspent on a threat that may never have materialized. After all, in the world of security the absence of certain outcomes is a measure of success.
The inherent challenge in security decision making is often exacerbated with a plethora of unstructured and irrelevant data. The quantification of cyber risk is a supplemental and essential part of the security decision-making dialogue. At the lowest level cyber performance quantification allows first line defenders to track effectiveness of activities across the board. At an Executive level, quantification allows for prudent allocation of resource and intellect to bolster organizational defensive capabilities.
Detail Outline 
  • Introduction [2 mins]
    • Background and experience
    • Why cyber quantification matters?
  • The decision maker’s dilemma [6 mins]
    • The security decision chain hierarchy
    • Data Fatigue
    • Decision inertia
    • The hindsight bias: Anticipating the known
    • Paradox of risk versus unknown or insufficient reward
  • Cognitive diversity in decision making [3 mins]
    • Role of diversity in leveraging / mitigating risk
    • Role of diversity in reacting to risk
    • Role of intellectual diversity in prioritizing security decisions
  • The makings of robust quantification [6 mins]
    • Quantification models
    • Active engagement
    • Consequence modeling
    • Contextualization of intelligence
    • Nudge theory
  • Benefits and parting words [3 mins]
    • Enabling deliberate decision making
    • Increasing accountability
    • Increasing situational and consequence awareness

avatar for Mysore Shruthi

Mysore Shruthi

Mysore Shruthi is a Senior Cyber Risk Advisory Consultant. Her primary focus is on helping organizations gain data-driven transparency into security performance while managing cyber risk. Having lived in four countries, she brings her global perspectives on cyber risk decision science... Read More →

Saturday August 22, 2020 2:00pm - 2:30pm PDT
Stage 1