Norman Marks on Assessing the Effectiveness of Risk Management
How are you measuring the effectiveness of your risk management program? Assessment strategies over the past few years have become increasingly sophisticated, information-intensive and complex. Norman Marks makes it straightforward.
Our monthly educational discussion series continues with Norman Marks on Tuesday, September 25 at 2:00pm EDT. Marks will dive into the specifics of setting the right strategies and objectives to deliver value considering what might happen (risk), understanding how the achievement of objectives may be affected by events and situations as management and staff execute those strategies, and much more.
Make a bold move and grab your seat today. Straightforward is a good tale to hear.
Recorded Sep 25 2018, 60 mins
CISOs in all industry verticals today are being asked to address their board of directors, and rightly so as cybersecurity should be a top 5 risk in any organization. What do you say? More importantly, what do they want to hear? This presentation leverages an analysis by the presenter of the many ideas promoted by large consulting firms to determine what is important for effective board interaction.
Communicating with the board is a leadership style that will vary amongst CISOs. The “Style” factor is one of the ‘7-S Framework Applied to Cybersecurity Leadership’ factors (strategy, structure, systems, staff, skills, style, shared values) as detailed in the new book CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers available at www.amazon.com/author/toddfitzgerald . This session will explore the Style component for the CISO to develop a successful program.
The CISO’s role to protect information assets is critical to the organization and must operate as a business partner. As any good business partner, the CISO must reflect on the past year, examine trends, emerging technologies, organizational maturity and business imperatives to develop appropriate goals for the coming year. Critical to this is understanding the CISO leadership trends and how to be an even more effective CISO in the years ahead.
This session uses the 7-S framework and examines one key trend in each of the 7 areas that the CISO should be aware of for 2020. The ‘7-S Framework Applied to Cybersecurity Leadership’ factors (strategy, structure, systems, staff, skills, style, shared values) are detailed in the new book CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers available at www.amazon.com/author/toddfitzgerald . This session will explore each of these factors and their meaning in 2020 for the CISO to develop a successful program.
Cultural values are the glue that explains what the organization really cares about. The CISO has a responsibility to understand and promote privacy and cybersecurity concepts, laws and regulations, and meaningful policies to enable the organization to protect the information assets. This session will examine the privacy and data protection concepts every CISO must know, laws and regulations, meaningful policies, as well as those things we do that eat into our cultural ability to be successful.
The “Shared Values” factor is one of the ‘7-S Framework Applied to Cybersecurity Leadership’ factors (strategy, structure, systems, staff, skills, style, shared values) as detailed in the new book CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers available at www.amazon.com/author/toddfitzgerald . This session will explore the Shared Values component for the CISO to develop a successful program.
You have been a techie and developed great security skills. Now you want to move into management. Should you? Will you be happy there? How will your life change? Is this a good move? How will you get there? This session will examine what this career choice really means.
The session will explore the differences between operating as technical staff and the functions and challenges a manager faces. It will discuss the competencies required and will help those trying to decide upon this career choice. The presenter has held Global CISO/security leadership roles across multiple organizations, after starting out as a techie computer programmer and then DBA.
The “Skills” factor is one of the ‘7-S Framework Applied to Cybersecurity Leadership’ factors (strategy, structure, systems, staff, skills, style, shared values) as detailed in the new book CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers available at www.amazon.com/author/toddfitzgerald . This session will explore the Skills component for the CISO to develop a successful program.
Have you noticed lately that your InfoSec team is made up of Gen Xers, Millennials and Baby Boomers?
Perhaps you’re finding that your co-workers who are in their 50s on up are more collaborative. And those younger are more opinionated, more likely to take risks and make quicker decisions.
Don’t just shake your head yes.
It’s not enough to simply co-exist with your colleagues, direct reports or managers. Understanding the multi-generational workplace is a critical factor to meet the daily challenges like discovering the weak links in your supply chain or identifying potential data breaches.
Stick around for our continuing CISO Leadership Series featuring Todd Fitzgerald, veteran InfoSec practitioner and CISO, who will debunk misconceptions you may have about generations, explore the commonalities and begin to formulate how you might approach one another to effect a more powerful team.
Some folks very successfully use “the dark side of the force” to further InfoSec practices as ethical hackers.
And we’ve lined up a panel of three of the world’s leading--and coolest--white hat hackers out there:
Vinny Troia, Joshua Crumbaugh and Alex Heid.
Over the next couple of weeks we’re going to introduce you to our high-profile digital investigators, tell you some of their mind-bending stories and show you why you should carve out time in your calendar for this event.
Their stories are going to reveal what it’s like behind “Darth Vader’s mask”--an exclusive peek inside the mind of an ethical hacker.
The webinar will go live on May 9 at 2 pm EDT. Take action now to register.
Norman Marks, CPA, CRMA, Author, Evangelist and Mentor
The meaning of those words is broad.
And means something different to different IT Security folks.
But there’s one common thread: taking a business-first approach to technology risk. If this is something you’re struggling with, we’d like to have you join us for a live webinar on April 30 at 2:00pm EDT with Norman Marks leading the discussion.
Technology risk must be an ongoing business conversation. Are you in?
Susan Morrow, Head of Research & Development, Avoco Secure
Listen to this webinar as we explore how an effective security policy can prevent your workforce from falling foul of attacks from cyber criminals.
A well-developed security policy is a powerful risk mitigation tool. As the media reminds us every day, it's often not IT systems, but people, that fall victim to hacking attempts. Regardless of company size, a security policy can establish actionable ways for your organization to foster and enforce a workforce culture of security awareness.
To help information security leaders build an effective security policy or fine-tune an existing program, SAI Global has partnered with security expert Susan Morrow, Head of Research & Development at Avoco Secure, to discuss the critical steps you should take to develop your security policy.
Susan will share:
• The risks of not having a security policy
• The value of going beyond off-the-shelf policy solutions
• Critical steps in policy development
• The effectiveness of a global policy vs. department-specific policies
• Suggestions on policy content, scope and implementation
Mike Nobers, Director of Channel InfoSec Institute
With email providing the entry point for 91% of global cyber-attacks, a sustainable information security and data privacy risk management program needs to empower employees and third-party vendors to detect, avoid and report security risks and phishing attacks.
Consider account verification emails, DocuSign requests, cloud file sharing alerts and delivery notifications. These asks could actually be a phishing attack in disguise.
Learn to spot the signs and how to enable your team to be the first line of defense.
Join SAI Global and the InfoSec Institute as Mike Nobers, Director of Channel InfoSec Institute, discusses the critical steps in addressing phishing in the workplace. The session explores how software can help organizations identify risk and phish-susceptible individuals with market-leading risk intelligence capabilities that can help ensure a security culture.
Topics to be covered include:
• Why phishing attacks are so successful
• How to approach team members with awareness training
• What technology measures organizations can take to protect themselves
• Where the threat landscape is heading
Are you continuously refining many of your business processes and procedures just to get your job done? What if there was an easier way to retool some of those broken methods and land on processes that make better sense?
Tune in for our 4th live webinar in our CISO Leadership Series with Todd Fitzgerald, veteran CISO, April 17 at 2:00pm EDT. Fitzgerald will talk us through the ‘systems’ area of the McKinsey 7S diagnostic model, which is widely used by academics and practitioners and remains one of the most popular strategic planning tools.
If you’re thinking that your business processes and procedures are ineffective or need improvement, take a moment to register for this enlightening presentation.
Norman Marks, CPA, CRMA, Author, Evangelist and Mentor
Amid the common definition of the phrase ‘risk appetite’, GRC trailblazer Norman Marks debunks its conventional meaning during a live talk on Tuesday, March 26, 2019 at 2:00pm EDT. Marks will bring you a fresh perspective on recognizing that no organization will succeed if it doesn’t take a risk.
So let’s stop talking about managing and mitigating risk. Let’s talk about what might happen.
Think blue skies…if you could select your supervisor, who would it be? Your CEO, CTO, CIO? On a live session, March 13 at 2:00pm EST, accomplished veteran CISO, Todd Fitzgerald, will help you understand how your role as an InfoSec practitioner is viewed within your organization based on who you report to.
By the way, your horoscope for today is to register for this intriguing conversation.
Norman Marks, CPA, CRMA, Author, Evangelist and Mentor
Have you noticed that the cost and scope of the SOX compliance program keeps multiplying? What’s up with that?
Our leading GRC authority, Norman Marks, will explore the causes of this emerging trend and more during a live talk on Tuesday, February 6, 2019 at 2:00pm EST. Marks’ risk-based, top-down approach to SOX compliance just might surprise you enough to take action.
No matter how you put your sox on, you’ll want to put this SOX seminar on your calendar.
Brian Selfridge, Partner at Meditology Services & CORL Technologies
Remember when there was a lot of ruckus about robots taking over people’s jobs? There’s no immediate cause for you to worry about that, but we do know there’s a widespread concern over the shortage of qualified InfoSec talent, especially in the healthcare industry.
We have a solution that we think can help. We’ve teamed up with Meditology Services LLC, a professional services company with an exclusive focus on healthcare IT, to bring you a panel of expert InfoSec practitioners on a live webinar February 6 at 2pm EST. This user group will talk about everything from Digital Risk automation tools to hiring and recruiting the best talent.
Start your own trend…register now for this timely conversation.
Customer Panelists: Andrew Seward, CISO, Elliot Health System; John Abella, IT Security and Enterprise Architecture, Main Line Health; Charles (Chuck) Goff, Cyber Security Program Manager, Information Services, Dartmouth Hitchcock Medical Center
What’s your strategy for protecting your network systems? Whether you’ve just redefined your cyber strategy, are rethinking your approach or need to develop a program, tune in for the 2nd live webinar in our CISO Leadership Series with Todd Fitzgerald, veteran CISO, January 30 at 2:00pm EST.
Fitzgerald will talk through the 7S diagnostic model involving strategy, structure, systems, staff, skills, style and shared values. The 7S Framework is mainly used to trace performance problems in an organization for the purpose of changing or improving these areas.
Only increased awareness and education can strengthen your cyber program. If you’re thinking that your information security approach is insufficient or needs improvement, take a moment to register for this instructional presentation.
Norman Marks, CPA, CRMA, Author, Evangelist and Mentor
Norman Marks may not have coined the term, Governance, Risk and Compliance—but he’s one heck of a GRC giant. During a live chat on Tuesday, January 22, 2019 at 2:00pm EST, Marks will share his wisdom, what makes him tick, why he’s been so successful, what failures he’s had to overcome and his forecast on the future of GRC.
Sneak peek! One of the quirky questions we’ll be asking Marks is: if you were given a 30-second ad slot promoting IRM (no products) during the Super Bowl, what would it say?
Find out if Marks is optimistic about the future of IRM. It’ll be a smart start to the new year.
The financial services industry is increasingly impacted with new regulations, as well as the growing risk from hacktivists, nation states, and other cyber criminals. As the types of cyber threats rapidly grow and change, cybersecurity regulations are trying to keep up.
Join our live webinar with Paul Ferrillo, Attorney and Shareholder with Greenberg, Traurig LLP as he reviews the changing regulatory landscape and offers insights on how to address it.
Ferrillo will review:
• Applicable Federal Cybersecurity Guidelines
• NIST Cybersecurity Framework
• State Cybersecurity Guidelines in NY and California
• More regulation to come
• How GDPR factors in
Terence Lee, CBCP, VP Strategic BCP, an SAI Global Company
Business continuity professionals are increasingly pulled into risk management discussions and activities that are outside of the typical business continuity and disaster recovery capabilities. Now tasked with assessing critical vendors for information security, SLA performance, and more, it's imperative to understand:
• How to implement best practices to identify and manage third-party risk and exposure
• Improve vendor performance
• Obtain assurance that the vendor has recovery and contingency planning and testing in place in order to provide continued access to products and services within SLAs and critical process RTOs.
Join us on Wednesday, December 19 at 2:00pm EST when Terence Lee, VP Strategic BCP, will address these current realities.
SAI Global is pleased to announce a new partnership with Todd Fitzgerald, Managing Director and CISO, CISO Spotlight, LLC. Together, we're launching a new CISO Leadership series that will help you become a better leader.
Our first live webinar in this series covers the modern Chief Information Security Officer's role and how it's evolved significantly over the past 25 years. The CISO is on the front lines, keeping up with new emerging technologies, and presenting to the board.
But how do we know the CISO is effectively addressing all the necessary cybersecurity areas to be effective organizationally? Is the strategy correct? Is the structure of the organization set up for success? Are the right staff and skills present and is the CISO communicating effectively with the board? Is there a capability we are missing?
This leadership session takes a holistic view of the business of being a CISO to protect the information assets of the organization.
The SAI Global channel features presentations with Integrated Risk Management thought leaders, customers, analysts and leading solution experts. Our IRM solutions are a combination of leading capabilities, services and advisory offerings that operate across the entire risk lifecycle allowing businesses to focus elsewhere. Together, these tools and knowledge enable clients to develop a holistic, integrated view of risk.