Hi [[ session.user.profile.firstName ]]

The CISO as a Transformational Role in Risk Management

Mike Rasmussen of GRC 20/20 explores the ever changing role of the CISO in a modern organization.

This presentation offers a prescription for managing information security risk as it permeates business operations, processes, transactions, and relationships in the digital world.
Recorded Oct 6 2016 50 mins
Your place is confirmed,
we'll send you email reminders
Presented by
Michael Rasmussen- GRC 20/20
Presentation preview: The CISO as a Transformational Role in Risk Management

Network with like-minded attendees

  • [[ session.user.profile.displayName ]]
    Add a photo
    • [[ session.user.profile.displayName ]]
    • [[ session.user.profile.jobTitle ]]
    • [[ session.user.profile.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(session.user.profile) ]]
  • [[ card.displayName ]]
    • [[ card.displayName ]]
    • [[ card.jobTitle ]]
    • [[ card.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(card) ]]
  • Channel
  • Channel profile
  • The Core Principles for Effective Internal Auditing Recorded: Jul 2 2019 59 mins
    Norman Marks, CPA, CRMA, Author, Evangelist and Mentor
    Recent headlines:

    • “Internal audit report finds issues in University of Iowa Department of Public Safety Information Technology”

    • “Renault uncovers €11mn in questionable expenses linked to ex-CEO Ghosn”

    • Audit: TVA Failed to Meet Federal Cybersecurity Standards”

    There’s one common thread here: Internal auditors are knocking it out of the park.

    Behind the success of these Internal Auditors are a set of best practices you need to hear about from the renowned Internal Auditor, Norman Marks.

    Are you willing to pony up? Join us for a live webinar with Marks on July 2 at 2:00pm EDT.
  • Yikes! You're Surrounded by a Multi-Generational Workforce Recorded: Jun 5 2019 60 mins
    Todd Fitzgerald Managing Director/CISO, CISO Spotlight, LLC
    Have you noticed lately that your InfoSec team is made up of Gen Xers, Millennials and Baby Boomers?

    Perhaps you’re finding that your co-workers who are in their 50s on up are more collaborative. And those younger are more opinionated, more likely to take risks and make quicker decisions.

    Don’t just shake your head yes.

    It’s not enough to simply co-exist with your colleagues, direct reports or managers. Understanding the multi-generational workplace is a critical factor to meet the daily challenges like discovering the weak links in your supply chain or identifying potential data breaches.

    Stick around for our continuing CISO Leadership Series featuring Todd Fitzgerald, veteran InfoSec practitioner and CISO, who will debunk misconceptions you may have about generations, explore the commonalities and begin to formulate how you might approach one another to affect a more powerful team.

    No secret sauce. Just common sense.
  • White Hat Hackers: Infiltrators for the Good Recorded: May 9 2019 63 mins
    Vinny Troia, Joshua Crumbaugh and Alex Heid
    Some folks very successfully use “the dark side of the force” to further InfoSec practices as ethical hackers.

    And we’ve lined up a panel of three of the world’s leading--and coolest--white hat hackers out there:

    Vinny Troia, Joshua Crumbaugh and Alex Heid.

    Over the next couple of weeks we’re going to introduce you to our high-profile digital investigators, tell you some of their mind-bending stories and show you why you should carve out time in your calendar for this event.

    Their stories are going to reveal what it’s like behind “Darth Vader’s mask”--an exclusive peek inside the mind of an ethical hacker.
    The webinar will go live on May 9 at 2 pm EDT. Take action now to register.

    Only you could be so bold.
  • Norman Marks: Making Business Sense of Technology Risk Recorded: Apr 30 2019 59 mins
    Norman Marks, CPA, CRMA, Author, Evangelist and Mentor
    Technology risk.

    The meaning of those words is broad.

    And means something different to different IT Security folks.

    But there’s one common thread: taking a business-first approach to technology risk. If this is something you’re struggling with, we’d like to have you join us for a live webinar on April 30 at 2:00pm EDT with Norman Marks leading the discussion.

    Technology risk must be an ongoing business conversation. Are you in?
  • Actionable Security Policies for Cyber Defense Recorded: Apr 25 2019 54 mins
    Susan Morrow, Head of Research & Development, Avoco Secure
    Listen to this webinar as we explore how an effective security policy can prevent your workforce from falling foul of attacks from cyber criminals.

    A well-developed security policy is a powerful risk mitigation tool. As the media reminds us every day, it's often not IT systems, but people, that fall victim to hacking attempts. Regardless of company size, a security policy can establish actionable ways for your organization to foster and enforce a workforce culture of security awareness.

    To help information security leaders build an effective security policy or fine-tune an existing program, SAI Global has partnered with security expert Susan Morrow, Head of Research & Development at Avoco Secure, to discuss the critical steps you should take to develop your security policy.

    Susan will share:

    • The risks of not having a security policy
    • The value of going beyond off-the-shelf policy solutions
    • Critical steps in policy development
    • The effectiveness of a global policy vs. department-specific policies
    • Suggestions on policy content, scope and implementation
  • Phishing: The Security Threat You Can't Ignore Recorded: Apr 24 2019 58 mins
    Mike Nobers, Director of Channel InfoSec Institute
    With email providing the entry point for 91% of global cyber-attacks, a sustainable information security and data privacy risk management program needs to empower employees and third-party vendors to detect, avoid and report security risks and phishing attacks.

    Consider account verification emails, DocuSign requests, cloud file sharing alerts and delivery notifications. These asks could actually be a phishing attack in disguise.

    Learn to spot the signs and how to enable your team to be the first line of defense.

    Join SAI Global and the InfoSec Institute as Mike Nobers, Director of Channel InfoSec Institute discusses the critical steps in addressing phishing in the workplace. Exploring how software can help organizations identify risk and phish-susceptible individuals with market-leading risk intelligence capabilities that can help ensure a security culture.

    Topics to be covered include:

    • Why Phishing attacks are so successful
    • How to approach team members with awareness training
    • What technology measures organizations can take to protect themselves
    • Where the threat landscape is heading
  • CISO Leadership Series: Getting the Job Done without the Shiny Object Recorded: Apr 17 2019 59 mins
    Todd Fitzgerald Managing Director/CISO, CISO Spotlight, LLC
    Are you continuously refining many of your business processes and procedures just to get your job done? What if there was an easier way to retool some of those broken methods and land on processes that make better sense?

    Tune in for our 4th live webinar in our CISO Leadership Series with Todd Fitzgerald, veteran CISO, April 17 at 2:00pm EDT. Fitzgerald will talk us through the ‘systems’ area of the McKinsey 7S diagnostic model which is widely used by academics and practitioners, and remains one of the most popular strategic planning tools

    If you’re thinking that your business processes and procedures are ineffective or need improvement, take a moment to register for this enlightening presentation.

    You just might get by without the shiny object.
  • Norman Marks: The Concept of Risk Appetite is Flawed Recorded: Mar 26 2019 55 mins
    Norman Marks, CPA, CRMA, Author, Evangelist and Mentor
    Amid the common definition of the phrase ‘risk appetite’, GRC trailblazer Norman Marks, debunks its conventional meaning during a live talk on Tuesday, March 26, 2019 at 2:00pm EDT. Marks will bring you a fresh perspective on recognizing that no organization will succeed if it doesn’t take a risk.

    So let’s stop talking about managing and mitigating risk. Let’s talk about what might happen.
  • CISO Leadership Series: Who you report to could have unintended consequences Recorded: Mar 13 2019 55 mins
    Todd Fitzgerald Managing Director/CISO, CISO Spotlight, LLC
    Think blue skies…if you could select your supervisor, who would you it be? Your CEO, CTO, CIO? On a live session, March 13 at 2:00pm EST, accomplished veteran CISO, Todd Fitzgerald, will help you understand how your role as an InfoSec practitioner is viewed within your organization based on who you report to.

    By the way, your horoscope for today is to register for this intriguing conversation.
  • Norman Marks: What's Right and What's Wrong with SOX? Recorded: Feb 26 2019 63 mins
    Norman Marks, CPA, CRMA, Author, Evangelist and Mentor
    Have you noticed that the cost and scope of the SOX compliance program keeps multiplying? What’s up with that?

    Our leading GRC authority, Norman Marks, will explore the causes of this emerging trend and more during a live talk on Tuesday, February 6, 2019 at 2:00pm EST. Marks’ risk-based, top-down approach to SOX compliance just might surprise you enough to take action.

    No matter how you put your sox on, you’ll want to put this SOX seminar on your calendar
  • Are Robots Invading Your Space? Healthcare InfoSec Staffing Recorded: Feb 6 2019 61 mins
    Brian Selfridge, Partner at Meditology Services & CORL Technologies
    Remember when there was a lot of ruckus about robots taking over people’s jobs? There’s no immediate cause for you to worry about that, but we do know there’s a widespread concern over the shortage of qualified InfoSec talent, especially in the healthcare industry.

    We have a solution that we think can help. We’ve teamed up with Meditology Services LLC, a professional services company with an exclusive focus on healthcare IT, to bring you a panel of expert InfoSec practitioners on a live webinar February 6 at 2pm EST. This user group will talk about everything from Digital Risk automation tools to hiring and recruiting the best talent.

    Start your own trend…register now for this timely conversation.

    Customer Panelists: Andrew Seward, CISO, Elliot Health System; John Abella, IT Security and Enterprise Architecture, Main Line Health; Charles (Chuck) Goff, Cyber Security Program Manager, Information Services, Dartmouth Hitchcock Medical Center
  • 6 Proactive Cybersecurity Precautions to Take Now Recorded: Jan 30 2019 53 mins
    Todd Fitzgerald Managing Director/CISO, CISO Spotlight, LLC
    What’s your strategy for protecting your network systems? Whether you’ve just redefined your cyber strategy, rethinking your approach or needing to develop a program, tune in for the 2nd live webinar in our CISO Leadership Series with Todd Fitzgerald, veteran CISO, January 30 at 2:00pm EST.

    Fitzgerald will talk through the 7S diagnostic model involving strategy, structure, systems, staff, skills, style and shared values. The 7S Framework is mainly used to trace performance problems in an organization for the purpose of changing or improving these areas.

    Only increased awareness and education can strengthen your cyber program. If you’re thinking that your information security approach is insufficient or needs improvement, take a moment to register for this instructional presentation.
  • A Conversation with Norman Marks, GRC Giant Recorded: Jan 22 2019 63 mins
    Norman Marks, CPA, CRMA, Author, Evangelist and Mentor
    Norman Marks may not have coined the term, Governance, Risk and Compliance—but he’s one heck of a GRC giant. During a live chat on Tuesday, January 22, 2019 at 2:00pm EST, Marks will share his wisdom, what makes him tick, why he’s been so successful, what failures he’s had to overcome and his forecast on the future of GRC.

    Sneak peek! One of the quirky questions we’ll be asking Marks is: if you were given a 30-second ad slot promoting IRM (no products) during the Super Bowl, what would it say?

    Find out if Marks is optimistic about the future of IRM. It’ll be a smart start to the new year.
  • Regulatory Complexity in Financial Services Cybersecurity Recorded: Jan 16 2019 51 mins
    Paul Ferrillo, Esq.
    The financial services industry is increasingly impacted with new regulations, as well as the growing risk from hacktivists, nation states, and other cyber criminals. As the types of cyber threats rapidly grow and change, cybersecurity regulations are trying to keep up.

    Join our live webinar with Paul Ferrillo, Attorney and Shareholder with Greenberg, Traurig LLP as he reviews the changing regulatory landscape and offers insights on how to address it.

    Ferrillo will review:

    • Applicable Federal Cybersecurity Guidelines
    • NIST Cybersecurity Framework
    • State Cybersecurity Guidelines in NY and California
    • More regulation to come
    • How GDPR factors in
  • The Changing Face of Vendor Risk and Business Continuity Management Recorded: Dec 19 2018 61 mins
    Terence Lee, CBCP, VP Strategic BCP, an SAI Global Company
    Business continuity professionals are increasingly pulled into risk management discussions and activities that are outside of the typical business continuity and disaster recovery capabilities. Now tasked with assessing critical vendors for information security, SLA performance, and more, it's imperative to understand:

    • How to implement best practices to identify and manage third-party
    risk and exposure
    • Improve vendor performance
    • Obtain assurance that the vendor has recovery and contingency
    planning and testing in place in order to provide continued access
    to products and services within SLAs and critical process RTOs.

    Join us on Wednesday, December 19 at 2:00pm EST when Terrance Lee, VP Strategic BCP will address these current realities.
  • Effective CISO Leadership: Doing the Right things Right Recorded: Dec 11 2018 61 mins
    Todd Fitzgerald Managing Director/CISO, CISO Spotlight, LLC
    SAI Global is pleased to announce a new partnership with Todd Fitzgerald, Managing Director and CISO, CISO Spotlight, LLC. Together, we're launching a new CISO Leadership series that will help you become a better leader.

    Our first live webinar in this series covers the modern Chief Information Security Officer's role and how it's evolved significantly over the past 25 years. The CISO is on the front lines, keeping up with new emerging technologies, and presenting to the board.

    But how do we know the CISO is effectively addressing all the necessary cybersecurity areas to be effective organizationally? Is the strategy correct? Is the structure of the organization set up for success? Are the right staff and skills present and is the CISO communicating effectively with the board? Is there a capability we are missing?

    This leadership session takes a holistic view of the business of being a CISO to protect the information assets of the organization.
  • Norman Marks on Making Business Sense of Technology Risk Recorded: Nov 27 2018 59 mins
    Norman Marks, CPA, CRMA, Author, Evangelist and Mentor
    Traditional approaches to technology risk lead to assessing it as 'high', 'medium or 'low'. But how do you know whether it makes business sense to take the risk or invest scarce resources into addressing it? Is it better to spend money on people and tools to mitigate cyber risk or to invest in a new product or marketing campaign?

    In this webinar, Norman Marks will share his thoughts on this challenge. He’ll talk about:

    -Why it’s necessary to express technology-related risk in business terms
    -Technology-related risk is just one of the business risks that need to be considered in making a decision
    -How, even a moderate risk, can take you over a 'tipping point'
    -Who should be involved in assessing technology-related risks
    -How to communicate technology-related risks to the board and top management
  • Have your vendors had their annual checkup? Recorded: Oct 31 2018 58 mins
    Brian Selfridge, Partner, Meditology Services & CORL Technologies
    You know this better than anyone working in IT security at a healthcare organization. One of the top vulnerabilities that continue to plague hospitals is cyberattacks, many of which are caused by doing business with third-party vendors.

    You’ve got a tight budget, limited resources and a painful path to get the physicians and board to prioritize IT security, but we’re here to help.

    We’ve teamed up with Meditology Services, a professional services company with an exclusive focus on healthcare IT, on a live webinar October 31, 2018 at 1:00pm EDT. Through data and analytics, Brian Selfridge, a Partner at Meditology Services & CORL Technologies, will address the ways you can improve your current risk practices and relationships with providers.

    Lower your pulse rate. Give your vendors a checkup. Register now
  • Norman Marks on Risk Management in the Extended Enterprise Recorded: Oct 23 2018 59 mins
    Norman Marks, CPA, CRMA, Author, Evangelist and Mentor
    What do we mean by risk in the extended enterprise? And how do we identify and then assess these risks?

    Our monthly in-depth conversation with Marks continues on a live webinar, October 23 at 2:00pm EDT. As a lifetime risk practitioner, Marks will discuss the specific use case of third-party management and the implications for risk decision-making across the extended enterprise.

    Let’s start a conversation
  • How to Thrive When Your Vendors Aren't Recorded: Oct 10 2018 63 mins
    James S. DeGraw, Partner, Ropes & Gray LLP (Corporate Technology Group)
    It’s likely you’ve been wondering if you’ve got the right vendor risk management program in place. The fact is if your vendors breached your company data, you’re liable, and your program is lethal.

    Many factors go into understanding the risk of doing business with your vendors—where will your company’s data be physically located and how access to it will be managed, what’s in your vendor’s previous audits and what does their cyber strategy look like.

    But one thing is certain: When your vendors are at risk, your business is at risk, impacting your entire organization’s ecosystem along with long-lasting legal consequences.

    Over the next few months, we’ll be taking a fresh perspective on vendor risk management that’s perfectly geared for you wherever you are in the VRM lifecycle.

    Our first event is a game-changer. A live webinar on Wednesday, October 10 at 2:00pm EDT featuring Jim DeGraw, a partner in Ropes & Gray’s corporate technology group. DeGraw regularly provides data incident crisis management counseling, leads investigations into potential data breach events, advises clients on establishing and conducting assessments of information security and data handling governance programs.

    DeGraw will walk you through the disruption and evolution of VRM: regulatory, demographic, technological, current events, and the role digital and the global economy play in these vendor risk changes.

    Find out how you can thrive when your vendors aren’t.
SAI Global
The SAI Global channel features presentations with Integrated Risk Management thought leaders, customers, analysts and leading solution experts. Our IRM solutions are a combination of leading capabilities, services and advisory offerings that operate across the entire risk lifecycle allowing businesses to focus elsewhere. Together, these tools and knowledge enable clients to develop a holistic, integrated view of risk.

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: The CISO as a Transformational Role in Risk Management
  • Live at: Oct 6 2016 6:00 pm
  • Presented by: Michael Rasmussen- GRC 20/20
  • From:
Your email has been sent.
or close