Event-Driven Scenario Planning for Cyber Risk Management
This presentation explores the importance of scenario planning in cybersecurity, focusing on decision support, risk environment context, event sequences, impacts, and event drivers. By analyzing threats, triggers, impacts, and losses, organizations can proactively manage cyber risks and protect stakeholder equities. Through event modeling and control actions, the framework helps enhance security posture and mitigate potential threats.
Download Presentation
Please find below an Image/Link to download the presentation.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.
You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.
E N D
Presentation Transcript
Scenario Planning for Effect Aaron McKay, Cybersecurity Engineer, SCRAM Systems Jack Whitsitt, Director of CRQ, Ostrich Cyber Risk
Scenario Planning: Why? As s ur ance of Val ue As s ur ance of Accept ance As s ur ance of Us eabi l i t y Assurance of Rigor Assurance of Sustainability 2
Scenario Planning: 6 + 1 Layers Decision Support Decisions Risk Environment Context Event Sequences Engagement Event Drivers Models & Measurement Operations & Sustainability 3
Decision Support Decisions Amount vs Difference Breadth & Depth Time Series Business Metrics Question | Response A/B Governance Framework Thematic Groups Top | Workflow | Invest Language and Framing 4
Risk Environment Context Reference Class Lexicon Event Flows Internal Environment External Environment 5
Event Sequences: Threats & Triggers No one needs to model every attack tree we have ranges so we can make inferences! The goal of Threat Event Flow modeling is to identify representative Control Objectives (TTP and Surface Management) and link impacts to triggers. Initial Access Vectors Assets Asset Changes TTPs (Threat Events) Exposed Surface 6
Event Sequences: Impacts & Losses Security is important because it affects a variety of stakeholder business equities. E.g., Customer equities may include Service Availability . If equities aren t fulfilled (service outage) they may react in a way that begins accumulating loss. Business Events Stakeholders Security Equities Event Reactions Loss Accounting Forms 7
Event Drivers: Frequency EVENT MODEL CONTROL MODEL Control Opportunities Threat Motives Contact Control Actions Threat Objectives PoA Control Actions Threat Communities Control Set Behavior Base Rate Incentives 8
Event Drivers: Loss CONTROL MODEL EVENT MODEL Control Opportunities Value at Risk 9 Match Ctl Actions Event to Equity Match Degree Ctl Actions Match Degree Control Set Behavior Equity Impact Degree 9
Event Drivers: Susceptibility What is the probability that, when a threat attempt is made, a useable combination of surfaces allowing threat events to become loss events will exist, be apparent to threat actors, and will be exploitable for impact? Surface Base Rate Control Opportunities Surface Control Actions Exploit Control Actions Control Set Behavior 10
Models & Measurement MODELS MEASUREMENT Stocks vs Flows Data Source Precision Data Source Reliability Flow Forecast Models Flow Indicator Metrics Data Source Currency Data Source Authority Comparison Variables
Models & Measurement & Forecasting Decision Requirements Context Threat & Loss Event Flows Risk Drivers Models & Measurement FAIR Scenarios & Monte Carlo
Operations & Sustainability Component Re-use Technical CRQ Tools One Set | Multi-Purpose Soft CRQ Tools Process Integration Non-CRQ-CRQ Tools Production Cadences Culture Awareness 13
Scenario Planning: Strategies Decision Support Decisions What do you need? Where will you get it? Risk Environment Context Event Sequences Engagement Why will they give it? What will you do with it? Event Drivers What will you produce? Who will care? Future Models & Measurement Operations & Sustainability Who must agree? Who will use it? 14
Creative Engagement Gamification Truth by Process Fictionalization Compartmentalization Incentivization (Non)Branding Ego-nomics Language Hijinx Culture First Adjacency Maturation Aperture Adjustment 15
Creative Engagement: Case Study Proposal for Discussion: Execute a scripted tabletop exercise from scenario to communicate value of CRQ. As participants figure out how to recover from the attack, there is a discussion about costs and other elements of risk through the lens of FAIR and CRQ. Gamification Truth by Process Fictionalization Compartmentalization (Non)Branding Incentivization Ego-nomics Language Hijinx Culture First Adjacency Maturation Aperture Adjustment 16
Back to the top: 6+1 Layer Mnenomic Decision Support Decisions Don t Risk Environment Context Event Sequences Count Every Event Drivers Models & Measurement Operations & Sustainability Engage! Engage! Rainbow; Make Observations And 17
Thank you! Aaron McKay, Cybersecurity Engineer, SCRAM Systems Jack Whitsitt, Director of CRQ, Ostrich Cyber Risk
