This is a group for people interested in a risk-based approach to cybersecurity. We plan to hold monthly meetings in the Silicon Valley / San Francisco area with speakers and/or open discussions among people who are doing work, or have new ideas, or launching new initiatives, or just interested in this relatively new field. There are lots of topics to address: risk assessment, risk quantification, risk-based practices and tools, integration with IT, supplier management and other areas of the business, impact on cloud and mobile computing, etc.
Risk is a paradigm for targeting cyber security resources where they'll have the most impact. What does your organization have to lose from security incidents, what is it all worth, where is it exactly? A risk-based approach allows organizations to sort out the flood of threat and vulnerability data and mitigate cyber risk for maximum benefit to the bottom line.