Establish a risk-based information security approach to holistically deal with risk in the business
Thanks to high-profile data breaches and other security incidents in the news, Information Security executives are now being asked to engage with their non-technical peers to discuss what they are doing about securing the organization’s assets. Many executives find it difficult to relate the tactics of information security in a way that makes sense to the rest of the business.
In this 60-minute session, Dwayne Melancon will discuss several aspects of the solution to this problem:
For technical executives, we will discuss ways to “connect security to the business” in a recognizable way;
For non-technical executives, we will discuss techniques for asking meaningful questions about information security so you can ensure that the goals of your business are being protected;
We will share some practical approaches to visualize security metrics in a way that enables decisions and business-oriented discussion.
Knowledge, examples, and stories derived from interactions with hundreds of global enterprises.
Example security metrics, including graphics to help distill details down to an easy-to-consume format.
Checklists to ensure your metrics satisfy the criteria for effective security metrics.
Take a look at the highlights:
How to establish a risk-based information security approach to deal with risk holistically in the business
How to create “tone at the top” for effective risk and security management, and drive cross-functional engagement
Criteria for effective security metrics – a sort of “litmus test” for good metrics
Examples of effective metrics that relate to business goals
How to increase accountability and results through healthy competition
How to bridge the communication gap between information security and the rest of the business
Risk management and security metrics are not a “one size fits all” proposition – each organization’s needs and priorities are different. That said, there are some repeatable practices organizations can use to determine how best to align their organization and present data that gives executives confidence that the needs of the organization are being looked after from an information security perspective. This session will cover some of the tenets of effective security metrics, and discuss what organizations are doing to tackle this challenge.
Who should attend?
Technical executives, such as CIOs, CTOs, and their VP-level equivalents.
Non-technical executives, such as CFOs, CEOs, and Business Unit Leaders.
Dwayne Melancon is Tripwire’s Chief Technology Officer, where he owns a critical role in driving and evangelizing the company’s overall global product strategy. He brings over 25 years of security software experience, and is responsible for leading the company’s long-term product s...