How to Use a Risk Management Framework to Elevate Your Cybersecurity Program

According to Forrester, enterprises are predicted to spend $12.6 billion on cloud security tools by 2023, up from $5.6 billion in 2018. Yet companies continue to experience sizable data breaches, with over 2000 confirmed cases in 2019. As data breaches have become common, B2B buyers have become highly attuned to vendor risk, and security certifications and attestations such as ISO 27001 certificates and SOC 2 reports have become common procurement gates.

Without a risk management framework or strategic tools in place, organizations will struggle to maintain their desired risk profile and to identify weaknesses in their control environment, even as they devote more resources to cybersecurity and compliance. By aligning your security and compliance program to a risk management framework, your organization can ensure that risks to assets are properly identified, assessed, monitored and remediated. You can also improve the utilization of cybersecurity tools and lower the cost of compliance.
Recorded Oct 28 2020 63 mins
Presented by M. James Gomez, CISO | CyberSec Consulting & Jingcong Zhao, Director of Content Marketing | Hyperproof
  • Standing Up Your 1st Compliance Framework: Misconceptions and Best Practices Oct 28 2021 6:00 pm UTC 60 mins
    Aaron Poulsen, Senior Director of Security, Risk and Compliance | Hyperproof & Charlie Wood, EVP | Bonadio Group
    If your organization is trying to adhere to a compliance framework (e.g. SOC 2, ISO/IEC 27000 series, PCI, HIPAA) for the very first time, it’s normal to have questions and feel confused about many aspects of the project. Here at Hyperproof, we get a lot of questions from organizations new to the compliance journey, such as:
    - What are risk assessments?
    - Can you give us security policy templates?
    - What controls do I need to implement to be SOC 2 compliant?
    - What’s a gap assessment?
    - Can I put SOC 2 and ISO 27001 compliance on auto-pilot with software?

    In this webinar, Aaron Poulsen, Hyperproof’s senior director of Security, Risk, and Compliance, and Charlie Wood, EVP at the Bonadio Group (a top 50 CPA firm) will discuss the most confusing aspects of standing up a security compliance program. They’ll address why it’s dangerous to take a “box-ticking” approach to compliance and why you can’t rely 100% on software to do all the work. Additionally, they’ll share ideas on how organizations can operate a rigorous compliance program and avoid adding a burden to their staff.

    Attendees will receive a Certificate of Completion, which can be used for CPE credit.
  • Reduce Your Compliance Burden - Start By Fixing the Evidence Collection Process Recorded: Sep 16 2021 59 mins
    Aaron Poulsen, Senior Director of Information Security, Risk and Compliance at Hyperproof
    Today, collecting evidence is a complex and time-consuming task, one fraught with risk if you do it manually and without planning. Further, audit fatigue among business unit stakeholders (and Compliance professionals) is becoming increasingly common, as organizations are subject to more regulations, standards, and industry-specific requirements.

    In this webinar, hear from Aaron Poulsen, Senior Director of Information Security, Risk, and Compliance at Hyperproof on:
    - Why evidence collection can be so hard in today’s increasingly complex regulatory landscape
    - Strategies to minimize the disruptions that typically happen during IT audits and streamline responses from business unit stakeholders
    - Using technology to make the collection and management of evidence more efficient across the entire enterprise
    - How you can re-use evidence to reduce duplicative requests and efficiently achieve multiple cybersecurity standards, certifications, and attestations
  • How To Use DevOps Principles to Make Your SecOps Team More Productive & Happier Recorded: Aug 25 2021 61 mins
    Aidan Collins, Head of Enterprise Business, Hyperproof | Aaron Poulsen, Sr. Director of Infosec and Compliance, Hyperproof
    Information security compliance teams play an increasingly important role in the growth of their companies. Depending on its target market, a company might need to maintain multiple security credentials (e.g. SOC 2 Type 2, HIPAA, PCI, ISO 27001, etc.) in order to be considered a viable business partner for an enterprise. Security compliance professionals are the ones who lead the charge on this work. But with ever-increasing demands on their time, and shorter timelines to deliver results, these teams need to rethink their approach.

    By deploying tested principles from the world of DevOps, security assurance teams can increase the scope of their role - from focusing on regulatory compliance to leading the charge on strategic security risk management. They can help their organizations avoid losses due to operational disruptions, security incidents, lawsuits, and other crises, help their organizations efficiently stay in compliance with regulatory requirements, and get through audits with fewer man-hours.

    Learn how an approach we call ComOps (Compliance Operations) applies the lessons learned in the world of software development to produce better security and compliance outcomes - and results in higher job satisfaction for overworked professionals in these key roles.
  • Security Certifications: How to Achieve and Maintain Them Efficiently Recorded: Aug 19 2021 59 mins
    Matt Lehto, Chief Growth Officer at Hyperproof
    Security certifications such as ISO 27001 and SOC 2 are becoming table stakes for passing vendor assessments when looking to sell to new companies and renew existing contracts. As security demands continue to become more stringent, information security teams are having to do more with the same or even reduced resources.
    In this webinar, Matt Lehto, Chief Growth Officer at Hyperproof, will discuss how security teams are tackling this problem and outline some strategies they can use to make it easier to manage increasing workload and ways to create efficiencies when pursuing multiple security certifications. He will also show you how to efficiently manage security certification projects in Hyperproof’s compliance operations software solution.
  • How Motorola is Transforming Evidence Collection for Data Protection Compliance Recorded: Jul 8 2021 58 mins
    Paula Pileggi, Senior Director Global Data Protection & Rebecca Streib Montee, Director, Global Data Protection Compliance
    A popular saying among security, privacy and corporate compliance circles is “trust, but verify”. It’s a popular saying because it neatly captures so much of what compliance professionals have to do: collecting evidence to verify compliance.

    Years ago, collecting evidence might have been easy. Today, it’s a complex and time-consuming task, and one fraught with risk if you do it manually. In this webinar, hear from data protection compliance leaders at Motorola Solutions on 1) why and how their team is re-inventing their approach to collecting evidence for data protection compliance, 2) the technology capabilities their team is acquiring to collect and manage evidence more efficiently across the entire enterprise, and 3) why their team is creating a brand new role focused on compliance operations.

    What attendees will learn:
    - Motorola Solutions’ approach to data protection compliance and why collecting evidence is challenging for the organization
    - What a better approach to evidence management entails and key technology capabilities that can streamline evidence management
    - What the future of security assurance looks like and why organizations like Motorola are creating new roles focused on compliance operations
    Originally aired on Compliance Week 6/22/21.
  • Security Certifications: How to Achieve and Maintain Them Efficiently Recorded: May 27 2021 45 mins
    Matt Lehto, Chief Growth Officer at Hyperproof
    Security certifications such as ISO 27001 and SOC 2 are becoming table stakes for passing vendor assessments when looking to sell to new companies and renew existing contracts. As security demands continue to become more stringent, information security teams are having to do more with the same or even reduced resources.
    In this webinar, Matt Lehto, Chief Growth Officer at Hyperproof, will discuss how security teams are tackling this problem and outline some strategies they can use to make it easier to manage increasing workload and ways to create efficiencies when pursuing multiple security certifications. He will also show you how to efficiently manage security certification projects in Hyperproof’s compliance operations software solution.
  • Compete and win with ComOps and a Hyperproof Partnership! Recorded: May 25 2021 46 mins
    Lynn Harrington, VP of Partnerships at Hyperproof
    As an MSSP, you’re in the business of helping clients protect their business and customer data. With cyberattacks and privacy regulations on the increase, now is the time to optimize your business. With Hyperproof’s Compliance Operations platform, you can stand up IT compliance programs faster and manage them more effectively across customers -- improving your service delivery and profit margin as a result. Come learn more about Hyperproof and our Partner Program.
  • How to Lead & Build an Innovative Security Organization From Security Leaders Recorded: May 20 2021 65 mins
    Warner Moore, vCISO, Gamma Force | Ed Glover, vCISO, Cloud Security Labs | Casey Allen, Infosec Manager, Philips
    CISOs and their teams are hard at work protecting and helping their organizations meet ever-growing IT compliance requirements. What makes their jobs harder is those outside of the security and compliance teams often have little understanding and appreciation of the value of the security work. Security and compliance teams are often perceived as the department that says “no,” and CFOs and CEOs have a hard time understanding why security teams need more resources to do their job.

    In this session, a panel of security and revenue leaders will share their experience with how security organizations can approach assurance work in a way that enables the business strategy and improves operational efficiency. They’ll also share their hard-earned experience on how to communicate the value of security assurance work in a language senior business executives understand.
  • Compliance Operations Methodology - Have You Heard Of It? Recorded: Apr 28 2021 53 mins
    Matt Lehto, Chief Growth Officer at Hyperproof
    Join us on this webinar to learn about the Compliance Operations methodology, a methodology that helps companies manage their IT risks in a more rigorous way while getting day-to-day audit and compliance tasks done in the most efficient way possible. This methodology can be used by organizations of any size, any compliance maturity level, and in any industry. We’ll also show you how to implement this methodology in Hyperproof’s compliance operations software platform, starting with setting up an organized system for collecting and managing evidence.
  • You’ve done SOC 2, What's Next? Recorded: Apr 22 2021 57 mins
    Charlie Wood, EVP at Bonadio & Aidan Collins, Head of Enterprise Business at Hyperproof
    Even though you may have gotten your SOC 2 report because your customers asked you to, compliance work, when approached the right way, can be an enabler of the business. For example, you can leverage your SOC 2 work to get a headstart on becoming compliant with a variety of security and privacy compliance standards and regulations your company will need to compete in new markets. Compliance effort also serves as a forcing function for improving your security posture.

    On this webinar, we’ll show you how to use SOC 2 as a starting point to build out a strategic security compliance roadmap aligned to your business goals. We’ll also discuss what you can do to scale up your compliance program efficiently as your organization grows. Key topics covered include:
    - Trends in SOC 2
    - Using SOC 2 to get a headstart on meeting additional regulations & compliance standards such as SOX and ISO 27001
    - Challenges you may encounter when scaling up security compliance programs
    - How you can take an agile approach to compliance work and avoid duplicative, admin tasks
  • Introduction to the Compliance Operations Methodology Recorded: Mar 18 2021 52 mins
    Craig Unger, CEO of Hyperproof
    At this time, there’s an increasing number of information security regulations and standards companies must conform to in order to do business with their target customers. What’s more, these information security standards (e.g., SOC 2, CSA STAR, CMMC, ISO 27001, NIST 800-53) are getting updated more frequently than in the past. Under these conditions, taking an ad-hoc approach to security assurance doesn’t cut it anymore. Companies that want to keep up with multiple standards and contain the costs of compliance need an organized approach and a tech stack that supports efficient and ongoing compliance operations.

    Join us on this webinar to learn about the Compliance Operations methodology, a methodology that helps companies manage their IT risks in a more rigorous way while getting day-to-day audit and compliance tasks done in the most efficient way possible. This methodology can be used by organizations of any size, any compliance maturity level, and in any industry. We’ll also show you how to implement this methodology in Hyperproof’s compliance operations software platform, starting with setting up an organized system for collecting and managing evidence.
  • Taking a Disciplined and Rigorous Approach to Managing IT Risks Recorded: Feb 18 2021 62 mins
    Matt Kelly, CEO | Radical Compliance & Aidan Collins, Head of Enterprise Business | Hyperproof
    Organizations today are operating in a “risk-volatile” business landscape. Technology adoption is accelerating and so is the reliance on third parties. COVID-19 disrupted the operating models of organizations like no other; the shift to mass remote work exacerbated security, data privacy, and compliance risks. Risk failures can be quite expensive, ranging from compliance penalties to operational disruption to the loss of key stakeholder support.

    Organizations that don’t take a rigorous approach to IT risk management will struggle to maintain their desired risk profile and miss critical issues -- even as they spend more money and time on cybersecurity and security assurance. In this webinar, we’ll discuss why a shift to a more disciplined risk management approach is necessary, and how to make that shift from a practical standpoint. Key topics covered include:

    - Characteristics of today’s IT risk landscape and why taking a risk-first approach is more important than ever before
    - Compliance Operations methodology -- a new methodology to manage IT risks in a consistent, disciplined approach
    - How to take an incremental approach to standardize and automate key security assurance tasks
  • Results Are In! - 2021 IT Compliance Benchmark Findings Revealed Recorded: Feb 3 2021 59 mins
    Jingcong Zhao, Director of Content Marketing | Hyperproof & Matt Lehto, Chief Growth Officer | Hyperproof
    In December 2020, Hyperproof surveyed 1,029 cybersecurity, security assurance/compliance and IT decision-makers within the technology industry. The survey examines IT security and compliance decision-makers’ attitudes towards the current cyber risk landscape, and companies’ budget, staffing, and technology purchase plans in 2021 to manage IT risks and fulfill compliance obligations. It asked respondents to share details about their organizations’ day-to-day practices in the realms of compliance operations, vendor risk management and IT risk management.

    If you’re an information security or GRC professional, this is the webinar you don’t want to miss. Sign up to hear the key findings from this comprehensive survey. What we’ll discuss:
    - Top survey findings and key differences between various segments (e.g. company size and location)
    - Leading practices for ensuring security and IT compliance today
    - What leading organizations -- those who are better at achieving organizational objectives and avoiding security lapses and compliance violations than the average organization -- do differently than the rest of the pack.

    When you register, you’ll also receive a copy of the 2021 IT Compliance Benchmark Report, which will be released on January 26.
  • Getting Ready to Meet CMMC Requirements Recorded: Dec 10 2020 57 mins
    Matthew Monroe, Operations Manager & CISSP | Omnistruct & Joshua Bobbitt, CEO | FortifiedLogic
    The Cybersecurity Maturity Model Certification (CMMC), based on NIST 800-171 and other global standards, is the new unified cybersecurity standard the DoD will use moving forward to verify that all of its contractors have the appropriate level of cybersecurity practice and processes in place to protect controlled unclassified information (CUI) and federal contract information (FCI) on their networks.

    Companies that contract with the DoD will start to see CMMC requirements as part of RFIs as early as the end of 2020. Covered entities will need to pass a third-party assessment and receive certification prior to contract award. Further, the CMMC is expected to create ripple effects across industries and be adopted by other governmental agencies and private sector organizations.

    Join this conversation featuring Joshua Bobbitt, Founder and CEO of FortifiedLogic, and Matt Monroe, Operations Manager at Omnistruct, on how the CMMC may impact your industry and organization, your internal cybersecurity processes, and your third-party due diligence processes. Understand key steps your organization can take in the immediate term to become CMMC ready and demonstrate your compliance posture.
  • Top Considerations When Auditing Cloud Computing Systems Recorded: Nov 19 2020 62 mins
    Jacques Nack, CEO | JNN Group & John Gukian, CISSP and Senior Security Engineer | IBM
    Cloud computing represents a drastic departure from legacy IT in virtually every respect. The new technology architecture, the way cloud is provisioned, and the shared responsibility model mean that IT audits must be significantly altered to provide assurance to stakeholders that their cloud adoption is secure.

    If you are a CISO, security and compliance manager, internal auditor or external auditor, and you want to skillfully address the specific concerns that arise from the use of cloud services, this is a webinar you won’t want to miss.

    Jacques Nack, CEO of JNN Group, and John Gukian, CISSP and Senior Security Engineer at a leading tech company, are two cybersecurity experts who contributed to the development of the CCAK, a new cloud auditing credential from the Cloud Security Alliance. During this virtual conversation, Nack and Gukian will share their perspectives on auditing cloud IT environments and how earning the new credential -- the CCAK -- can help cloud auditing professionals be more effective in their work.

    Topics covered include:
    - The key differences between auditing a cloud environment vs. a legacy IT environment
    - The unique risks and requirements of compliance in the cloud
    - Roles and responsibilities you need to have within your company to address cloud security
    - Data security and data privacy compliance issues you need to be prepared for when expanding outside the U.S.
    - How earning the CCAK can help cloud security professionals become more effective
  • How to Avoid Control Deficiencies That Can Negatively Impact Audit Results Recorded: Nov 6 2020 41 mins
    Petrina Youhan, Director of Channel Partnerships, Hyperproof
    Maintaining effective controls at all times should be the goal of every compliance team. When controls and other compliance safeguards fail, they can wreak havoc on an organization. Not only can control deficiencies negatively impact your audit results, they can lead to costly data breaches, business disruptions, damage to your reputation and revenue loss. Fortunately, many control failures are entirely avoidable if an organization has the right mitigation processes in place. Watch this webinar to learn how to avoid these control deficiencies and get the best possible audit results.
  • How to Use NIST SP 800-53 to Protect Your Information Systems and Resist Attacks Recorded: Nov 6 2020 58 mins
    Kenneth Cooper, CTO, Datapoint Solutions Consulting, and Jingcong Zhao, Director of Content Marketing, Hyperproof
    In this webinar, we will discuss why IT risk management frameworks like NIST SP 800-53 are particularly relevant now, key security control families within NIST SP 800-53 that need to be operational to ensure secure remote work, what's new in the latest version of NIST SP 800-53, and ways to save time and avoid duplicative effort when adhering to multiple IT compliance standards.
  • Beyond COVID-19: How to Build a Strong Risk and Compliance Management Section Recorded: Nov 6 2020 62 mins
    Craig Unger, CEO and Founder, Hyperproof and Matt Kelly, CEO and Editor-in-Chief, Radical Compliance
    In the past year, organizations’ business continuity plans, security plans, crisis management plans and customer acquisition plans were all put to the test. COVID-19 has not only introduced new risks to organizations; it has amplified and complicated existing risks organizations have always faced. Further, the virus has spurred an economic recession that’s unprecedented in scale.

    Matt Kelly (CEO and editor of Radical Compliance) and Craig Unger (founder and CEO of Hyperproof) have a lively discussion featuring topics including:

    - How the risk landscape has shifted since the emergence of COVID-19
    - Key capabilities organizations will need to develop to effectively mitigate these risks
    - Key roles and opportunity areas for compliance professionals
    - How to make the business case to secure budget and resources for compliance
    - Metrics that risk leaders need to track to ensure successful risk management efforts
  • CMMC Demystified: What Defense and Aerospace Suppliers Need to Know Recorded: Nov 6 2020 64 mins
    Jerry Leishman, VP & National Director, CORTAC Group, and Jingcong Zhao, Director of Content Marketing, Hyperproof
    The Cybersecurity Maturity Model Certification (CMMC), based on NIST 800-171 and other global standards, is the unified cybersecurity standard the DoD will use moving forward to verify that all of its contractors have the appropriate level of cybersecurity practice and processes in place to protect controlled unclassified information (CUI) and federal contract information (FCI) on their networks.

    Companies that contract with the DoD will start to see CMMC requirements as part of RFIs as early as Fall of 2020. Covered entities will need to pass a third-party assessment and receive certification prior to contract award. Further, the CMMC is expected to create ripple effects across industries and be adopted by governmental agencies and private sector organizations. Watch this webinar to learn all about the CMMC and how to prepare for its requirements.
  • Privacy Considerations For Bringing Employees Back Into Physical Workplaces Recorded: Nov 6 2020 47 mins
    Julie Ashworth Glover, Founder and Principal, 6 Degrees Privacy Consulting, LLC, and Craig Unger, CEO and Founder, Hyperproof
    As private employers and federal, state and local governments begin to assess business re-opening measures in the wake of the COVID-19 pandemic, employers are re-evaluating how to safely transition employees back to the physical workplace. There’s a host of regulations employers must abide by in the areas of health, safety, wage and hour issues, discrimination and harassment. In addition, employers need to be mindful of privacy regulations such as CCPA, U.S. state biometric laws and GDPR as they straddle the line between protecting employees’ health and maintaining the privacy rights of employees.

    In this virtual fire-side, Julie Ashworth Glover, JD, CIPP-US, CIPM, Founder and Principal of 6 Degrees Privacy Consulting, LLC, and Craig Unger, CEO and Founder of Hyperproof, will discuss the key privacy considerations employers must keep in mind as they develop plans to transition employees back to work in the physical workplace.
Monthly webinars giving an edge to compliance professionals
We seek to empower compliance officers and everyone who participates in compliance efforts. With our content, we aim to help these professionals guide organizations toward correct actions, a more ethical culture, fairness and greater transparency.

Headquartered in Bellevue, WA, Hyperproof serves as a system of record for an organization’s compliance data and gives teams involved the tools they need to collaborate with stakeholders in and outside of their organization. With this innovative approach, we’re able to help organizations meet their highest aspirations and demonstrate their commitment to protecting their customers, shareholders, partners and suppliers along with the greater community.

Check it out for yourself at hyperproof.io.

  • Title: How to Use a Risk Management Framework to Elevate Your Cybersecurity Program
  • Live at: Oct 28 2020 6:00 pm
  • Presented by: M. James Gomez, CISO | CyberSec Consulting & Jingcong Zhao, Director of Content Marketing | Hyperproof