Page 53 - Cyber Defense eMagazine Special RSA Conference Annual Edition for 2022
AI/ML Powered Risk Modeling: A Decision-Making Framework
By AJ Sarkar, Founder and CEO of OptimEyes.ai
A company’s C-suite and directors assess cyber threats based on the potential impact on high-level
business objectives. How will a particular attack impact year-over-year growth? Client experience and
trust? Company reputation? An anticipated expansion or product launch?
The information security operations team, on the other hand, needs technical details to execute an
effective tactical defense, hold the hackers at bay, and minimize damage.
In the middle, CISOs assess vulnerabilities within network segmentation, architecture, governance,
operations and processes. They watch for threats and work with their counterparts throughout the
business to stop impacts from rippling across the organization. This requires effective, efficient
communication across the enterprise – with info-sec ops, business unit leaders, and the CEO, CFO, CIO,
CCO, and CRO, among others.
These stakeholders, of course, assess the same situation from different perspectives, with different
responsibilities, objectives, jargon, and success metrics. They need a common language to communicate
about threats and ensure the implications – for supply chains, customer experience, operations, financial
performance, data privacy compliance and more – are understood and managed effectively.
Until recently, there has been no common language for managing risk across the organization, let alone
up to the board. Limitations in the effectiveness of risk monitoring, quantification and benchmarking have
only exacerbated the problem.
Flying Blind