The CISO as a Transformational Role in Risk Management

Mike Rasmussen of GRC 20/20 explores the ever-changing role of the CISO in a modern organization.

This presentation offers a prescription for managing information security risk as it permeates business operations, processes, transactions, and relationships in the digital world.
Recorded Oct 6 2016 50 mins
Presented by
Michael Rasmussen, GRC 20/20
  • Norman Marks: The Concept of Risk Appetite is Flawed Mar 26 2019 6:00 pm UTC 75 mins
    Norman Marks, CPA, CRMA, Author, Evangelist and Mentor
    Amid the common definition of the phrase ‘risk appetite’, GRC trailblazer Norman Marks debunks its conventional meaning during a live talk on Tuesday, March 26, 2019 at 2:00pm EDT. Marks will bring you a fresh perspective on recognizing that no organization will succeed if it doesn’t take a risk.

    So let’s stop talking about managing and mitigating risk. Let’s talk about what might happen.
  • CISO Leadership Series: Who you report to could have unintended consequences Recorded: Mar 13 2019 55 mins
    Todd Fitzgerald Managing Director/CISO, CISO Spotlight, LLC
    Think blue skies…if you could select your supervisor, who would it be? Your CEO, CTO, CIO? On a live session, March 13 at 2:00pm EST, accomplished veteran CISO Todd Fitzgerald will help you understand how your role as an InfoSec practitioner is viewed within your organization based on who you report to.

    By the way, your horoscope for today is to register for this intriguing conversation.
  • Norman Marks: What's Right and What's Wrong with SOX? Recorded: Feb 26 2019 63 mins
    Norman Marks, CPA, CRMA, Author, Evangelist and Mentor
    Have you noticed that the cost and scope of the SOX compliance program keeps multiplying? What’s up with that?

    Our leading GRC authority, Norman Marks, will explore the causes of this emerging trend and more during a live talk on Tuesday, February 6, 2019 at 2:00pm EST. Marks’ risk-based, top-down approach to SOX compliance just might surprise you enough to take action.

    No matter how you put your sox on, you’ll want to put this SOX seminar on your calendar.
  • Are Robots Invading Your Space? Healthcare InfoSec Staffing Recorded: Feb 6 2019 61 mins
    Brian Selfridge, Partner at Meditology Services & CORL Technologies
    Remember when there was a lot of ruckus about robots taking over people’s jobs? There’s no immediate cause for you to worry about that, but we do know there’s a widespread concern over the shortage of qualified InfoSec talent, especially in the healthcare industry.

    We have a solution that we think can help. We’ve teamed up with Meditology Services LLC, a professional services company with an exclusive focus on healthcare IT, to bring you a panel of expert InfoSec practitioners on a live webinar February 6 at 2pm EST. This user group will talk about everything from Digital Risk automation tools to hiring and recruiting the best talent.

    Start your own trend…register now for this timely conversation.

    Customer Panelists: Andrew Seward, CISO, Elliot Health System; John Abella, IT Security and Enterprise Architecture, Main Line Health; Charles (Chuck) Goff, Cyber Security Program Manager, Information Services, Dartmouth Hitchcock Medical Center
  • 6 Proactive Cybersecurity Precautions to Take Now Recorded: Jan 30 2019 53 mins
    Todd Fitzgerald Managing Director/CISO, CISO Spotlight, LLC
    What’s your strategy for protecting your network systems? Whether you’ve just redefined your cyber strategy, are rethinking your approach or need to develop a program, tune in for the 2nd live webinar in our CISO Leadership Series with Todd Fitzgerald, veteran CISO, January 30 at 2:00pm EST.

    Fitzgerald will talk through the 7S diagnostic model involving strategy, structure, systems, staff, skills, style and shared values. The 7S Framework is mainly used to trace performance problems in an organization for the purpose of changing or improving these areas.

    Only increased awareness and education can strengthen your cyber program. If you’re thinking that your information security approach is insufficient or needs improvement, take a moment to register for this instructional presentation.
  • A Conversation with Norman Marks, GRC Giant Recorded: Jan 22 2019 63 mins
    Norman Marks, CPA, CRMA, Author, Evangelist and Mentor
    Norman Marks may not have coined the term, Governance, Risk and Compliance—but he’s one heck of a GRC giant. During a live chat on Tuesday, January 22, 2019 at 2:00pm EST, Marks will share his wisdom, what makes him tick, why he’s been so successful, what failures he’s had to overcome and his forecast on the future of GRC.

    Sneak peek! One of the quirky questions we’ll be asking Marks is: if you were given a 30-second ad slot promoting IRM (no products) during the Super Bowl, what would it say?

    Find out if Marks is optimistic about the future of IRM. It’ll be a smart start to the new year.
  • Regulatory Complexity in Financial Services Cybersecurity Recorded: Jan 16 2019 51 mins
    Paul Ferrillo, Esq.
    The financial services industry is increasingly impacted by new regulations, as well as the growing risk from hacktivists, nation states, and other cyber criminals. As the types of cyber threats rapidly grow and change, cybersecurity regulations are trying to keep up.

    Join our live webinar with Paul Ferrillo, Attorney and Shareholder with Greenberg, Traurig LLP as he reviews the changing regulatory landscape and offers insights on how to address it.

    Ferrillo will review:

    • Applicable Federal Cybersecurity Guidelines
    • NIST Cybersecurity Framework
    • State Cybersecurity Guidelines in NY and California
    • More regulation to come
    • How GDPR factors in
  • The Changing Face of Vendor Risk and Business Continuity Management Recorded: Dec 19 2018 61 mins
    Terence Lee, CBCP, VP Strategic BCP, an SAI Global Company
    Business continuity professionals are increasingly pulled into risk management discussions and activities that are outside of the typical business continuity and disaster recovery capabilities. Now tasked with assessing critical vendors for information security, SLA performance, and more, it's imperative to understand:

    • How to implement best practices to identify and manage third-party risk and exposure
    • Improve vendor performance
    • Obtain assurance that the vendor has recovery and contingency planning and testing in place in order to provide continued access to products and services within SLAs and critical process RTOs.

    Join us on Wednesday, December 19 at 2:00pm EST when Terrance Lee, VP Strategic BCP, will address these current realities.
  • Effective CISO Leadership: Doing the Right things Right Recorded: Dec 11 2018 61 mins
    Todd Fitzgerald Managing Director/CISO, CISO Spotlight, LLC
    SAI Global is pleased to announce a new partnership with Todd Fitzgerald, Managing Director and CISO, CISO Spotlight, LLC. Together, we're launching a new CISO Leadership series that will help you become a better leader.

    Our first live webinar in this series covers the modern Chief Information Security Officer's role and how it's evolved significantly over the past 25 years. The CISO is on the front lines, keeping up with new emerging technologies, and presenting to the board.

    But how do we know the CISO is effectively addressing all the necessary cybersecurity areas to be effective organizationally? Is the strategy correct? Is the structure of the organization set up for success? Are the right staff and skills present and is the CISO communicating effectively with the board? Is there a capability we are missing?

    This leadership session takes a holistic view of the business of being a CISO to protect the information assets of the organization.
  • Norman Marks on Making Business Sense of Technology Risk Recorded: Nov 27 2018 59 mins
    Norman Marks, CPA, CRMA, Author, Evangelist and Mentor
    Traditional approaches to technology risk lead to assessing it as 'high', 'medium' or 'low'. But how do you know whether it makes business sense to take the risk or invest scarce resources into addressing it? Is it better to spend money on people and tools to mitigate cyber risk or to invest in a new product or marketing campaign?

    In this webinar, Norman Marks will share his thoughts on this challenge. He’ll talk about:

    • Why it’s necessary to express technology-related risk in business terms
    • Why technology-related risk is just one of the business risks that need to be considered in making a decision
    • How even a moderate risk can take you over a 'tipping point'
    • Who should be involved in assessing technology-related risks
    • How to communicate technology-related risks to the board and top management
  • Have your vendors had their annual checkup? Recorded: Oct 31 2018 58 mins
    Brian Selfridge, Partner, Meditology Services & CORL Technologies
    You know this better than anyone working in IT security at a healthcare organization. One of the top vulnerabilities that continue to plague hospitals is cyberattacks, many of which are caused by doing business with third-party vendors.

    You’ve got a tight budget, limited resources and a painful path to get the physicians and board to prioritize IT security, but we’re here to help.

    We’ve teamed up with Meditology Services, a professional services company with an exclusive focus on healthcare IT, on a live webinar October 31, 2018 at 1:00pm EDT. Through data and analytics, Brian Selfridge, a Partner at Meditology Services & CORL Technologies, will address the ways you can improve your current risk practices and relationships with providers.

    Lower your pulse rate. Give your vendors a checkup. Register now.
  • Norman Marks on Risk Management in the Extended Enterprise Recorded: Oct 23 2018 59 mins
    Norman Marks, CPA, CRMA, Author, Evangelist and Mentor
    What do we mean by risk in the extended enterprise? And how do we identify and then assess these risks?

    Our monthly in-depth conversation with Marks continues on a live webinar, October 23 at 2:00pm EDT. As a lifetime risk practitioner, Marks will discuss the specific use case of third-party management and the implications for risk decision-making across the extended enterprise.

    Let’s start a conversation.
  • How to Thrive When Your Vendors Aren't Recorded: Oct 10 2018 63 mins
    James S. DeGraw, Partner, Ropes & Gray LLP (Corporate Technology Group)
    It’s likely you’ve been wondering if you’ve got the right vendor risk management program in place. The fact is if your vendors breached your company data, you’re liable, and your program is lethal.

    Many factors go into understanding the risk of doing business with your vendors—where will your company’s data be physically located and how access to it will be managed, what’s in your vendor’s previous audits and what does their cyber strategy look like.

    But one thing is certain: When your vendors are at risk, your business is at risk, impacting your entire organization’s ecosystem along with long-lasting legal consequences.

    Over the next few months, we’ll be taking a fresh perspective on vendor risk management that’s perfectly geared for you wherever you are in the VRM lifecycle.

    Our first event is a game-changer. A live webinar on Wednesday, October 10 at 2:00pm EDT featuring Jim DeGraw, a partner in Ropes & Gray’s corporate technology group. DeGraw regularly provides data incident crisis management counseling, leads investigations into potential data breach events, advises clients on establishing and conducting assessments of information security and data handling governance programs.

    DeGraw will walk you through the disruption and evolution of VRM: regulatory, demographic, technological, current events, and the role digital and the global economy play in these vendor risk changes.

    Find out how you can thrive when your vendors aren’t.
  • Norman Marks on Assessing the Effectiveness of Risk Management Recorded: Sep 25 2018 60 mins
    Norman Marks, CPA, CRMA, Author, Evangelist and Mentor
    How are you measuring the effectiveness of your risk management program? Assessment strategies over the past few years have become increasingly more sophisticated, information-intensive and complex. Norman Marks makes it straightforward.

    Our monthly educational discussion series continues with Norman Marks on Tuesday, September 25 at 2:00pm EDT. Marks will dive into the specifics of setting the right strategies and objectives to deliver value considering what might happen (risk), understanding how the achievement of objectives may be affected by events and situations as management and staff execute those strategies, and much more.

    Make a bold move and grab your seat today. Straightforward is a good tale to hear.
  • Norman Marks on the Convergence of Compliance and Risk Recorded: Aug 14 2018 59 mins
    Norman Marks, CPA, CRMA, Author, Evangelist and Mentor
    The ‘Yield’ road sign is a great example of the intersection of compliance and risk. The universal requirement for ‘Yield’ or ‘Give-way’ is defined as the following:

    The requirement that a driver shall “give way” to other vehicles means that he must not continue or resume his advance or maneuver if by so doing he might compel the drivers of other vehicles to change the direction or speed of their vehicle abruptly.

    Individuals are left to their own interpretation of this definition, from performing a prolonged stop to accelerating at the sign. Enforcement is difficult. And so it is with the numerous ways that Compliance and Risk must coordinate and collaborate within your organization.

    Norman Marks is a firm believer in taking a risk management approach to the business objective of operating in compliance with both laws and regulations and society’s expectations, even when they aren’t reflected in laws and regulations.

    Share your thoughts with Marks on a live webinar, August 14 at 2:00pm EDT when he’ll discuss his point of view about the practical application of the concept of risk appetite and its impact on influencing the day-to-day taking of risk.
  • Communicating Risk Within a Distributed IT Ecosystem Recorded: Jul 18 2018 64 mins
    Timothy Sellnow, Ph.D. and Deanna Sellnow, Ph.D., Professors, University of Central Florida, Strategic Communication
    You’re about to experience the ultimate guide to communicating risk. Whisk away your biases (admit it… we all have them), forego over-complicated explanations and sidestep the temptation to email risk-related issues to your colleagues.

    You’ll discover how you can intelligently improve your thinking about risk and communicating risk concerns from a science-based risk communication model on a live webcast July 18 at 2:00pm EDT.

    Timothy Sellnow, Ph.D. and Deanna Sellnow, Ph.D., are Professors at the University of Central Florida, Nicholson School of Communication, whose primary research and teaching focuses on strategic communication for risk management and mitigation. Tim and Deanna will share with you their best practice framework model for effective instructional risk and crisis communication during this informational session.

    Stake your claim to the ultimate guide. Despite risk’s wretched reputation, you’ll be glad you did.
  • The Mindset of Risky Business in the World of Finance Recorded: Jun 25 2018 61 mins
    Hersh F. Shefrin, Ph.D., Economist and Pioneer of Behavioral Finance
    Nobody likes to talk about it. It makes people feel…uncomfortable. I’m talking about the human side of risk.

    The way we think about, act on and communicate about risk plays a major part in how we would manage a cyber breach, for instance. Consider Facebook, Equifax, Target, Uber and so on. And no one is better positioned to influence the outcomes on security and risk management than you.

    We’re not talking about making a sweeping cultural change enterprise-wide. You can make a slight change in your thinking about risk that just might help you avoid your next data breach or better communicate a phishing scam.

    Our first in a webinar series tackles the mindset that all of us inherently possess around risk and its impact on information security issues. The workshop kicks off on June 25 at 2pm EDT featuring Hersh Shefrin, one of the pioneers of behavioral finance. Shefrin holds the Mario L. Belotti Chair in the Department of Finance at the Leavey School of Business at Santa Clara University and has published scholarly articles in the Journal of Finance, Journal of Financial Economics and Review of Financial Studies.

    Don’t worry…you don’t have to slip into your Birkenstocks for this. Just sign up and listen.
  • Norman Marks on IT Risk Recorded: Jun 5 2018 62 mins
    Norman Marks, CPA, CRMA, Author, Evangelist and Mentor and Noah Gottesman, Senior Director Risk Advisory Services, SAI Global
    Technology is no longer the exclusive domain of the IT department. Norman Marks thinks we should be talking about technology as a source of risk rather than just IT. What do you think?

    Share your thoughts with Marks on a live webinar, June 5 at 2:00pm EDT, when he’ll discuss his point of view that IT is more than just a department. It’s made up of people, processes and addresses risks that typically arise from failings in those processes through the operation of IT general controls (ITGC).

    From audit risks to cyber risks, Marks will help you understand that it may be necessary to take more risks than you might be comfortable with.

    Find out more during this special webinar, June 5 at 2:00pm EDT.
  • Norman Marks on the Three Lines of Defense Recorded: May 15 2018 57 mins
    Norman Marks, Governance, Risk Management and IT Audit expert and Noah Gottesman, Senior Risk Advisor, SAI Global
    Are you frustrated by the existing incentives attributed to the three lines of defense where the first line is typically rewarded for taking risk, but not managing it? Learn what Norman Marks has to say about this and more in a lively conversation on Tuesday, May 15 at 2:00pm EDT. Marks will be joined by Noah Gottesman, Senior Risk Advisor at SAI Global.

    Norman has been a practitioner and thought leader in internal audit, risk management, and governance for over 40 years and will help you understand how to maneuver the complexities of the three lines of defense risk framework to achieve a clear and open line of communication and coordination between business, risk and compliance and audit.

    Whether you view the model as perfect or frustrating, register today for this informative webinar.
  • Put your SOX on…GDPR could be a bumpy ride Recorded: Apr 17 2018 63 mins
    Dan Felz, Associate, Alston & Bird’s Litigation & Trial Practice Group and Noah Gottesman, Senior Risk Advisor, SAI Global
    Remember when Sarbanes-Oxley hit in 2002? Most companies were scrambling to document, manipulate and merge piles of spreadsheets and Word documents to achieve compliance with this new law.

    Now we have GDPR. You may be feeling a rush of fear when you hear or see the acronym, but if you think of GDPR as the continuation and evolution of information security best practices, it won’t seem like such a scary ride.

    We’ll help you do just that during our live webinar on April 17 at 2:00pm EDT featuring data and privacy attorney Dan Felz. Dan is an associate in Alston & Bird’s Litigation & Trial Practice Group and will be sharing with you his observations on what’s happening now beyond GDPR policies, contracts and checklists.

    Take your SOX off--failure to appear isn’t an option.
SAI Global
The SAI Global channel features presentations with Integrated Risk Management thought leaders, customers, analysts and leading solution experts. Our IRM solutions are a combination of leading capabilities, services and advisory offerings that operate across the entire risk lifecycle allowing businesses to focus elsewhere. Together, these tools and knowledge enable clients to develop a holistic, integrated view of risk.

  • Title: The CISO as a Transformational Role in Risk Management
  • Live at: Oct 6 2016 6:00 pm
  • Presented by: Michael Rasmussen- GRC 20/20