Time
48 minutes
Difficulty
Advanced
CEU/CPE
1

Video Description

This lesson discusses how to translate technical threats into business risks while taking into account both direct and indirect costs.

Video Transcription

00:04
So now that we have these numerical values, let's go ahead and help translate these technical threats into business risk. Because the cost considerations are obviously a business risk, we're gonna have two unique line items: direct and indirect.
00:18
So direct basically means: what would the cost to remediate at the point of discovery be
00:24
versus incident response?
00:26
Indirect: maybe, you know, you have heard, well, Ponemon says if you get breached, it's $203 a record.
00:33
But the problem with that is, if you sit there and try to say to your system owners, Well, we need to spend $85,000 on this new product or we could lose $3.5 million
00:45
you're probably gonna get that guy earlier in the slide deck that was saying, "Get the heck out of my office."
00:51
So what we're trying to be able to do, and this is actually coming from a real assessment that I've done previously
00:58
that shows a correlation between the direct and indirect
01:02
costs.
01:03
As you can see, the cost of remediation was dramatically less than the cost of incident response and recovery.
01:10
This gives the type of detail and information that system owners need to help justify their security program spend.
01:19
As part of this assessment, there were also indirect risks that were identified.
01:23
The remediation of those efforts were about $3000
01:29
the cost for incident response and recovery. While you cannot put a definitive dollar value on that, it is important to note that since this took place in Georgia,
01:38
there is a potential claim for a violation of the Georgia Personal Identity Protection Act.
01:44
HIPAA sanctions, improved notifications
01:46
and, of course, potential litigation costs.
01:49
So now you're able to provide your senior leaders with a more holistic picture on what the direct and indirect costs
01:59
actually look like.

Instructed By

Carter Schoenberg
Executive VP of IPKeys Power Partners
Instructor