RSAC 365 Virtual Seminar: Risk Management & Governance
December 8, 2022
11:00 AM ET | 8:00 AM PT
Managing risk in an ever-evolving threat landscape presents myriad challenges that become even more complicated when considering a hybrid workforce, SaaS, geopolitics, and the economy. Join us for this half-day virtual seminar in which we’ll hear from a panel of CISOs who will discuss the top issues impacting their risk decisions. The panel will be followed by three sessions that will explore additional aspects of risk management and governance.
The first and last sessions will be followed by a 20-25 minute Q&A.
Session 1: Panel: CISO Fireside Chat: Top Issues Impacting Risk Decisions
Whether it’s employees returning to the office, SaaS, or the current state of global affairs, everything from where employees work to the geo-political environment impacts risk decisions. Hear from this panel of CISOs who will reveal the influences that have changed their security models, how they dealt with threat landscape changes and staffing issues, and how they were able to manage their risk.
Moderator: Jerich Beason
Panelists: Arthur Deane, Elliott Franklin, Glauco Sampaio, Patti Titus
Session 2: Cyber Risk Framing: The Foundation for Cyber Risk Management and Reporting
Strategic, business process, and operational levels of the business must be aligned on risk priorities and management practices to enable effective governance. Risk framing provides foundational elements for the cyber risk strategy, including assumptions, constraints, risk tolerance, priorities and trade-offs. These elements also enable a consistent and defendable approach to risk assessment, risk response and risk monitoring. There is an ever-increasing need to effectively communicate cyber risk of the organization—consider the SEC proposed rules on cybersecurity risk management, strategy, governance and incident disclosure by public companies. To meet current and future requirements effectively, we need to start at the beginning with cyber risk framing.
Presenter: Jamie Sanderson Reid
Session 3: Compliance as a Culture: Associating Assurance with Organizational Values
Historically, technology and cyber compliance has been approached as a bottom-up problem space, resulting in duplicative, piecemeal engagements that mistake effort for value. What if compliance was instead a natural outcome of a cultural shift which aligned assurance with organizational vision and values? Join me in a thought experiment which examines successful use cases and identifies how we can move the needle within our corporate cultures.
Presenter: Christie Gross
Session 4: Bon Appetit: Establishing an Effective Cyber Risk Appetite
A defined cyber risk appetite is foundational to the success of any firm's information security program. Yet guidance on what makes a cyber risk appetite effective is arguably lacking, especially standards for establishing risk appetite compliance thresholds as well as KPIs, KRIs, and KCIs. This talk will share current and forthcoming guidance and practices for cyber risk appetite development.
Presenter: Matthew Tolbert
This virtual seminar is sponsored by Zscaler. Zscaler accelerates digital transformation so customers can be more agile, efficient, resilient, and secure. The Zscaler Zero Trust Exchange protects thousands of customers from cyberattacks and data loss by securely connecting users, devices, and applications in any location.