The Human Factor: Quantifying Human Risk

By Sara Anstey

Elevator Pitch

This talk will explore the growing field of human risk management and quantification, diving into the next step in an organization's risk journey - quantifying people. We will talk about where the market is, how people are adopting it, and what organizations can gain from human risk management.

Description

I’d like to do a session on the emerging and evolving field of human risk quantification, which aims to apply quantitative methods to assign risk scores to every employee at a company based on the actions they’re taking and the things they have access to. I think this space is very similar to where cyber risk quantification was about 4 years ago - there were a few startups in the market and a few active voices on LinkedIn advocating for the adoption of these practices, but I think it will start to become a lot bigger in the new year. I’ve done extensive research into where the players in the market are and how companies are adopting it. I think this will be the next step of a risk journey for many companies. Over 80% of breaches involve the human element; if organizations want to stop them, they need to understand how the people they employ are affecting their security posture.

Notes

This should be a very different but engaging talk for cybersecurity practitioners, as I want to focus not only on the tech in the market that allows for the quantification of human risk, but also on the psychology behind people, why they do the things they do, and how to create a better security awareness culture.