The Center for Education and Research in Information Assurance and Security (CERIAS)

Jennifer Bayuk - Jennifer L. Bayuk, LLC

Students: Spring 2024, unless noted otherwise, sessions will be virtual on Zoom.

Stepping Through Cybersecurity Risk Management: A Systems Thinking Approach

Feb 21, 2024

Slides: PDF
Download: MP4 Video (273.5MB)
Watch on YouTube


In the realm of risk, cybersecurity is a fairly new idea. Most people currently entering the cybersecurity profession do not remember a time when cybersecurity was not a major concern. Yet at the time of this writing, reliance on computers to run business operations is less than a century old. Prior to this time, operational risk was more concerned with natural disasters than man-made ones. Fraud and staff mistakes are also part of operational risk, so as dependency on computers steadily increased from the 1960s through the 1980s, a then-new joke surfaced: To err is human, but if you really want to screw things up, use a computer.

Foundational technology risk management concepts have been in place since the 1970s, but the tuning and the application of these concepts to cybersecurity were slow to evolve. Yet there is no doubt that cybersecurity risk management tools and techniques have continuously improved. Although the consequences of cybersecurity incidents have become dramatically more profound over the decades, available controls have also become more comprehensive, more ubiquitous, and more effective.

This seminar is intended to make the fundamentals of cybersecurity risk management visible to those who are contributing to it, and comprehensible to those looking in from the outside. Like any effort to increase visibility, increasing transparency in cybersecurity requires clearing out some clouds first. That is, in the tradition of Spaf's recent book on the topic*, it requires busting some cybersecurity management myths that currently cloud management thinking about cybersecurity and replacing them with risk management methodologies that work.

*Spafford, G., Metcalf, L. and Dykstra, J. (2022). Cybersecurity Myths and Misconceptions: Avoiding the Hazards and Pitfalls that Derail Us. Addison-Wesley.

About the Speaker

Jennifer Bayuk
Dr. Jennifer L. Bayuk, Ph.D. is experienced in a wide variety of cybersecurity positions, including Wall Street Chief Information Security Officer, Global Bank Operational Risk Management, Financial Services Internal Audit, Big 4 Information Systems Risk Management, Bell Labs Security Software Engineer, Risk Management Software Company Founder, and Expert Witness.

She is the author of multiple textbooks and articles on a variety of cybersecurity topics and is a frequent contributor to cybersecurity conferences, boards, committees, and educational forums.

Jennifer has created curriculum on numerous information security, cybersecurity, and technology risk topics for conferences, seminars, corporate training, and graduate-level programs. She is an Adjunct Professor at Quinnipiac University, Kean University, and Stevens Institute of Technology.

She has a BS in Computer Science and Philosophy from Rutgers University, an MS (1992) in Computer Science and a PhD (2012) in Systems Engineering from Stevens Institute of Technology.
