Defining and using a cyber-risk appetite

Many organizations have defined a risk appetite, however very few of these definitions are actually usefu. For the most part, they boil down to nothing more specific than "medium-low" and they rarely play a meaningful role in decision-making. In this session, Jack will share a simple process for defining an unambiguous cyber-risk appetite that can drive better decision-making.

About The Speakers

Jack Jones

Jack Jones

Chairman, The FAIR Institute

Widely considered a thought leader in risk management and information security, Jack has been employed in technology for over thirty five years; specializing in information security and risk management for thirty of those years. During this time he has garnered a decade of experience as a CISO, including five years for a Fortune 100 financial services company.