Recording: Ensuring Risk Assessments Have Business Value

JOIN TRUSTEDSEC ON MAY 23rd, 2018 AT 1:00 PM EST

There is continuing pressure to keep our information secure and breach-free. At the same time, management often doesn’t see the need to increase the budget if there isn’t an incident occurring or a compliance need.

So how does someone in the trenches measure, monitor, and communicate this to get the buy-in needed, or at least get management’s acceptance of the risk? It’s something that everyone in a security leadership position struggles with.

None of the Top 10 skills a CISO needs include technological know-how!

According to a study released by University of Kansas researchers, communication, political skills, and risk assessment and management all made the top 10 most important skills CISOs said they needed. In this talk, we will discuss some of the key points in implementing, managing, and creating risk oversight to communicate both internally to the security team and externally with the company.

Are you getting 10% of your IT budget for Security?

Top organizations are typically spending up to 10% of their overall IT budget on security. A properly implemented risk assessment program illuminates the justification for spending based on what the business deems appropriate levels of risk acceptance.

Find out how the right business risk assessment can help!

According to Gartner, the number of larger enterprises reporting to their board of directors on cybersecurity and technology risk at least once a year will rise from 40% in 2016 to 100% by 2020!

One thing is certain: Security problems are emphatically business problems. Risk assessments are the bridge to tackling the business alignment needed in today’s environment.

Author: Stephen Marchewitz

Stephen has been in the security and risk industry for over 13 years and in IT for over 20 years. He has assisted companies in driving change to ensure clients are successful both in receiving value from products and services and in managing the security and compliance risks of new projects and technologies. He has served as an outsourced Chief Information Security Officer for a dozen different companies and consulted for some of the largest companies in the world. Prior to joining TrustedSec, Stephen was the Global Risk Practice Manager in the Digital Transformation Group at Cisco, President and Advisory Practice Lead for a leading information security firm for nine years, and a Management Consultant with Ernst & Young. He also held Technology Management and sales positions with CA and Oracle, and developed new offerings in the insurance industry as an Underwriter and Program Director with Willis Corroon/Chubb in underwriting risk. He is dedicated to helping customers implement the right solutions and services that best meet their business needs, thus allowing them to achieve new levels of success.