Archer Users Group / Southern Risk Council 2016 Enterprise Risk Management and Cyber Security


Enterprise Risk Management

In the face of mounting cyber security regulations

Cyber Security

o Rules established by government

o A lot of attention right now

o Misconceptions

o Struggle for businesses to stay safe

o Cyber economics

o Company culture

Government Approach

All Hazards

ISO 31000
Principles and guidelines to formalize enterprise risk management to accommodate multiple ‘silo-centric’ management systems

ISO 27005
Assists the satisfactory implementation of information security based on a risk management approach

Risk Management for Business
F.A.I.R. (Factor Analysis of Information Risk)

WHERE ARE YOU STARTING?

Cyber Security

HOW ARE YOU BALANCING PRIORITIES?

ERM and Cyber Security

ARE YOUR EXECUTIVES ENGAGED?

WHAT ARE THEY ASKING FOR?

DOES TRADITIONAL RISK MANAGEMENT WORK WITH CYBER?

What’s failing?

Does all-hazards work outside of the government?

The Argument for

Reasonable Security

Phil Agcaoili
Distinguished Fellow and Fellows Chairman, Ponemon Institute

Board of Advisors, PCI Security Standards Council (SSC)

Financial Services – Information Sharing & Analysis Center (FS-ISAC)

Payments Processing Information Sharing Council (PPISC)

Contributor, NIST Cybersecurity Framework

Co-Founder & Board Member, Southern CISO Security Council

Founding Member, Cloud Security Alliance (CSA)

Inventor & Co-Author: CSA Cloud Controls Matrix (ISO 27017/27018), Security, Trust and Assurance Registry (STAR), and CSA Open Certification Framework (OCF) – AICPA SOC 2

@hacksec https://www.linkedin.com/in/philA

Thanks
