Risk Management Summit
Thursday, April 6, 2017 (8 CPEs)
9:00 AM – 5:00 PM
As with any other aspect of operating a business, managing cyber risk well is predicated on making informed decisions, and then executing reliably within the context of those decisions. Unfortunately, too many security teams today still don’t understand how to effectively translate technical security issues into risk language the business can use.
During this interactive summit we’ll debunk some of the myths about what risk is and what it isn’t. Attendees will walk away with new tools and methodologies that will help them align security and risk with business goals, and help elevate security as a strategic and trusted partner.
9:00 AM – 9:30 AM
Session 1 – Revisiting the Groundwork, Jack Jones
Within the information security and risk professions there are significant differences in how people define and approach risk. This creates significant challenges for us as professionals in everything from risk measurement to alignment with the business and communicating with executives. Consequently, in order for the Risk Summit to be productive, it is critical that everyone in the room is on the same page on these fundamentals.
In this first section, we’ll review some basic risk concepts and terminology, which will lay the foundation for everything that follows.
9:30 AM – 10:45 AM
Session 2 – Analytical Mistakes & Group Bias, Evan Wheeler
There are a number of common mistakes and human biases that can dramatically affect the quality of risk measurement. The unfortunate result is that risk measurements tend to be unreliable and lacking in credibility. This significantly affects an organization’s ability to set appropriate policies, prioritize risk concerns, and select cost-effective solutions.
In this session, these problems will be reviewed and practical means of recognizing, avoiding, and correcting them will be shared.
11:00 AM – 12:15 PM
Session 3 – Evaluating Risk, Ron Woerner
Measuring risk well is fundamental to successful risk management. Unfortunately, it’s also one of the things at which our profession is least effective.
In this session, you will be introduced to a simple and effective framework and process for measuring risk. The material in this section will prepare attendees for the practical exercises in the afternoon sessions.
1:30 PM – 2:45 PM
Session 4 – Group Exercise 1
3:00 PM – 4:15 PM
Session 5 – Group Exercise 2
4:15 PM – 5:00 PM
Session 6 – Making the Case to Risk Management, Jack Jones
The primary reason for measuring risk is to help executives make well-informed business decisions.
That being the case, this final session of the day will focus on the challenges with, and practical approaches for, communicating risk analysis results to management. These tips can make the difference between glazed eyes and genuine interest by the executives whose decisions drive the risk condition of an organization.