Workshop 4

OpRisk North America workshop 4

OpRisk North America workshop 4

Cyber risk management and quantification for op risk and cyber risk practitioners

March 22nd 2018
Marriott Marquis Times Square, New York



Registration, breakfast and introductions


Cyber risk in a nutshell

  • Become familiar with the NIST Framework
  • Define Concepts of Threat Actors, Vectors and Assets
  • Define the 3 Basic Assets (Data Availability, Data Integrity, Data Security))
  • Define basic controls 

Before you measure risk

  • Prerequisites to risk measurement
  • The measurement process
  • Common mistakes and fallacies
10:15 Morning break and refreshments

Asset Identification

  • Delving into data integrity, data security and data availability and how to estimate the value of each
12:30 Lunch

Combining exposures with probabilities

  • Adding a probabilistic framework
  • Assessing frequencies
  • Assessing the relationships of exposure to the frequencie
15:00 Afternoon break and refreshments

Risk management and decision analysis

  • Use findings in session 1 to 4 to assess risk management strategies (mitigate, transfer, retain, avoid, profit)
  • Control prioritization and cost benefit analysis
16:30 End of workshop



  • Michael A. Barton, Director of Operational Risk Quantification and Scenario Analysis, AIG
  • Anthony Shapella, Managing Director - Risk Officer, Liability and Financial Lines Enterprise Risk Management, AIG
  • German Pliego, Lead Statistician-Risk Analytics, AIG
  • David Mundy, Technology Risk Officer - Commercial Insurance, AIG
  • Jack Jones, Co-Founder, EVP Research & Development, RISKLENS