The Risk Transfer Conundrum

SANS Institute · Intermediate ·🛡️ AI Safety & Ethics ·2y ago

Skills: AI Alignment Basics70%Security Basics60%

Incessant cyber attacks are creating tremendous pressure on the insurance industry, thus creating a looming risk transfer problem. There are two general types of risk: inherent and residual. • There is an inherent risk with implementing any technology or leveraging third parties (MSP/MSSPs) • We manage RISK in 4 ways: Avoid, Reduce Transfer and Accept • Residual risk is what is left over after you "manage risk." The problem is, when it comes to cyber, for the last decade, the world has been trying to transfer inherent risk, and that is NOT the right way, and it is terribly fraught with its own risk. Businesses need to return to the basic tenants of risk management and the use of transfer. You build a resilient business by doing the things that demonstrably defeat the actions of threat actors and attacks - by doing the stuff - doing it right, doing it consistently. It is a cost of doing business. Whatever is left, buy insurance for or self-insure (that residual risk that remains after all weaknesses have been treated). SANS Cybersecurity Leadership Summit 2023 Title: The Risk Transfer Conundrum Speaker: Jess Walpole, Chief Technology Officer, Fortress SRM View upcoming Summits: http://www.sans.org/u/DuS

Watch on YouTube ↗ (saves to browser)

Sign in to unlock AI tutor explanation · ⚡30

Playlist

Uploads from SANS Institute · SANS Institute · 0 of 60

← Previous Next →

SANS FOR610: Reverse Engineering Malware: Malware Analysis Tools & Techniques

SANS FOR610: Reverse Engineering Malware: Malware Analysis Tools & Techniques

SANS Institute Cybersecurity Training Customer Stories

SANS Institute Cybersecurity Training Customer Stories

SANS Institute UK Cyber Academy

SANS Institute UK Cyber Academy

SANS Institute UK Cyber Academy

SANS Institute UK Cyber Academy

CISSP® Prep Exam, MGT414, by SANS Institute

CISSP® Prep Exam, MGT414, by SANS Institute

SANS Institute's Rob Lee Discusses The OPM.GOV Hack on CNN

SANS Institute's Rob Lee Discusses The OPM.GOV Hack on CNN

Information Security Training from SANS Institute - Student Testimonials

Information Security Training from SANS Institute - Student Testimonials

SANS DFIR NetWars

SANS DFIR NetWars

Hack The Drone - SANS Cyber Academy UK

Hack The Drone - SANS Cyber Academy UK

SANS VetSuccess Immersion Academy

SANS VetSuccess Immersion Academy

SANS Cybersecurity Training, Certifications & Placement for Veterans

SANS Cybersecurity Training, Certifications & Placement for Veterans

The 2015 SANS Holiday Hack Challenge

The 2015 SANS Holiday Hack Challenge

SANS VetSuccess Academy: Hands-on Skills

SANS VetSuccess Academy: Hands-on Skills

SANS VetSuccess Academy Overview

SANS VetSuccess Academy Overview

SANS ICS Security Summit & Training 2017

SANS ICS Security Summit & Training 2017

Exploring the Unknown Industrial Control System Threat Landscape – SANS ICS Security Summit 2017

Exploring the Unknown Industrial Control System Threat Landscape – SANS ICS Security Summit 2017

WannaCry recap, patches, and analysis

WannaCry recap, patches, and analysis

If We’re Doing So Well at Cyber Security, Why Are We Still Doing So Poorly?

If We’re Doing So Well at Cyber Security, Why Are We Still Doing So Poorly?

Graduation Day - SANS HM Gov Cyber Retraining Academy

Graduation Day - SANS HM Gov Cyber Retraining Academy

Incentivizing ICS Security: The Case for Cyber Insurance – SANS ICS Security Summit 2017

Incentivizing ICS Security: The Case for Cyber Insurance – SANS ICS Security Summit 2017

SANS Data Breach Summit & Training 2017

SANS Data Breach Summit & Training 2017

SANS Secure DevOps Summit & Training 2017

SANS Secure DevOps Summit & Training 2017

How Threats Are Slipping In the Back Door - SANS ICS Security Summit 2017

How Threats Are Slipping In the Back Door - SANS ICS Security Summit 2017

SANS Webcast – Continuous Opportunity: DevOps & Security

SANS Webcast – Continuous Opportunity: DevOps & Security

SANS Cybersecurity Programs for the Department of Defense

SANS Cybersecurity Programs for the Department of Defense

SANS Pen Test HackFest Summit & Training 2017

SANS Pen Test HackFest Summit & Training 2017

SANS SIEM & Tactical Analytics Summit & Training

SANS SIEM & Tactical Analytics Summit & Training

If We’re Doing So Well, Why Are We Still Doing So Poorly? – SANS ICS Security Summit 2017

If We’re Doing So Well, Why Are We Still Doing So Poorly? – SANS ICS Security Summit 2017

ICS515: ICS Active Defense and Incident Response

ICS515: ICS Active Defense and Incident Response

Introducing the NEW SANS Pen Test Poster

Introducing the NEW SANS Pen Test Poster

SANS Institute - An Inside Look at the Newly Updated ICS515 Course

SANS Institute - An Inside Look at the Newly Updated ICS515 Course

SANS ICS Security Training, Munich, Germany

SANS ICS Security Training, Munich, Germany

SANS Automotive Summit Webcast

SANS Automotive Summit Webcast

Privesc Playground - SANS Pen Test HackFest Summit 2017

Privesc Playground - SANS Pen Test HackFest Summit 2017

Introduction to Reverse Engineering for Penetration Testers – SANS Pen Test HackFest Summit 2017

Introduction to Reverse Engineering for Penetration Testers – SANS Pen Test HackFest Summit 2017

Honey, Please Don’t Burn Down Your Office: Fun with Smart Home Automation

Honey, Please Don’t Burn Down Your Office: Fun with Smart Home Automation

SANS Security Operations Summit & Training 2018

SANS Security Operations Summit & Training 2018

Sh*t Happens! (But You Still Need to Drink the Water) – SANS ICS Summit 2018

Sh*t Happens! (But You Still Need to Drink the Water) – SANS ICS Summit 2018

ICS Threat Intelligence: Moving from the Unknowns to a Defended Landscape – SANS ICS Summit 2018

ICS Threat Intelligence: Moving from the Unknowns to a Defended Landscape – SANS ICS Summit 2018

You’re Probably Not Red Teaming (And Usually I’m Not, Either) – SANS ICS Summit 2018

You’re Probably Not Red Teaming (And Usually I’m Not, Either) – SANS ICS Summit 2018

A Sneak Peak at the New ICS410

A Sneak Peak at the New ICS410

Jumping Air Gaps – SANS ICS Summit 2018

Jumping Air Gaps – SANS ICS Summit 2018

Introduction to Linux

Introduction to Linux

Introduction to Malware Analysis

Introduction to Malware Analysis

You’re Probably Not Red Teaming (And Usually I’m Not, Either) Webcast by Deviant Ollam

You’re Probably Not Red Teaming (And Usually I’m Not, Either) Webcast by Deviant Ollam

Hacking your SOEL: SOC Automation and Orchestration – SANS Security Operations Summit 2018

Hacking your SOEL: SOC Automation and Orchestration – SANS Security Operations Summit 2018

Hunting for Post-Exploitation Stage Attacks with Elastic Stack and the MITRE ATT&CK Framework

Hunting for Post-Exploitation Stage Attacks with Elastic Stack and the MITRE ATT&CK Framework

Apples and Oranges?: A CompariSIEM – SANS Security Operations Summit 2018

Apples and Oranges?: A CompariSIEM – SANS Security Operations Summit 2018

SANS Webcast - Perimeter Security and Why it is Obsolete

SANS Webcast - Perimeter Security and Why it is Obsolete

SANS Webcast - Trust No One: Introducing SEC530: Defensible Security Architecture

SANS Webcast - Trust No One: Introducing SEC530: Defensible Security Architecture

The Science of Security: The Psychological Impacts of Security Awareness Programs

The Science of Security: The Psychological Impacts of Security Awareness Programs

How I Pulled Off an Edgy Security Campaign – SANS Security Awareness Summit 2018

How I Pulled Off an Edgy Security Campaign – SANS Security Awareness Summit 2018

Practical Advice for Submitting to Speak at a Cybersecurity Conference

Practical Advice for Submitting to Speak at a Cybersecurity Conference

SANS Webcast - Consuming OSINT: Watching You Eat, Drink, and Sleep

SANS Webcast - Consuming OSINT: Watching You Eat, Drink, and Sleep

SANS Webcast - Zero Trust Architecture

SANS Webcast - Zero Trust Architecture

SANS STX Cyber Range

SANS STX Cyber Range

Part 1 – SANS Institute and Tenable talk about cloud security

Part 1 – SANS Institute and Tenable talk about cloud security

More on: AI Alignment Basics

View skill →

Interpretable machine learning applications: Part 5

Interpretable machine learning applications: Part 5

GenAI news from Weights & Biases CEO, Lukas Biewald

GenAI news from Weights & Biases CEO, Lukas Biewald

Weights & Biases

Responsible AI Winners, 2020 PyTorch Summer Hackathon

Responsible AI Winners, 2020 PyTorch Summer Hackathon

Near Real-Time Analytics to GenAI Centralized Observability | Amazon Web Services

Near Real-Time Analytics to GenAI Centralized Observability | Amazon Web Services

Amazon Web Services

Kiro Hooks | Event-Driven Automation for Your IDE | Amazon Web Services

Kiro Hooks | Event-Driven Automation for Your IDE | Amazon Web Services

Amazon Web Services

Get Started with Raven AGI

Get Started with Raven AGI

Related AI Lessons

What Is AI Jailbreaking? The Security Challenge Reshaping LLMs

Learn about AI jailbreaking, a security challenge that threatens LLMs by bypassing safety guardrails and content filters, and why it matters for AI development

AI Is Forcing Us to Redefine What It Means to Be Smart

AI is redefining what it means to be smart, shifting focus from technical problem-solving to deeper human intelligence

Gait Recognition: The Next Frontier in Biometric Security using AI

Learn how gait recognition using AI is revolutionizing biometric security and why it matters for cybersecurity and identity management

Medium · Cybersecurity

The Model Answered. Nobody Asked Who Authorized That.

Ensure accountability in AI model decisions by implementing authorization and transparency mechanisms

AI Management Essentials: Integrating ISO 42001 & ISO 23894