How Cyber (measured in dollars) Earns a Spot on the Risk Register

Presented by

Jerry Caponera is the VP Cyber Risk Strategy at Nehemiah Security

About this talk

Cyber has yet to be fully integrated into the suite of business functions and monitored risks within most organizations. GRC is the mechanism to align cyber and the business, but its current state is not sufficient: the governance hierarchy is ineffective (CISOs reporting to the CIO or COO), risk relies on ambiguous risk measurements, and compliance is mistaken for security. Moving forward, Governance must be redefined, making CISOs business leaders who report to the Board. Risk should leverage traceable data to measure in a common business language. Compliance should be the baseline for security initiatives, not the end goal. When these initiatives are achieved, GRC will transform cyber into a business enabler.

Jerry Caponera is the VP Cyber Risk Strategy at Nehemiah Security, where he leads the effort to quantify cyber risk in financial terms. Prior to Nehemiah he founded PivotPoint Risk Analytics, which focused on cyber risk quantification through value-at-risk modeling and simulations. Jerry has a broad background in cyber, having worked for incident response, malware analysis, and services companies. He has spoken at a number of conferences worldwide, including ISS World MEA in Dubai, InfoSecurity Russia in Moscow, and TM World Forum in Nice, France. He holds an MBA from the University of Massachusetts, an MS in Computer Science from the University of Pennsylvania, and a BS in Electrical Engineering from the University of Buffalo.

More from this channel

SCIPP International was formed to develop, define and promote best business practices for security awareness training with a singular focus on increasing understanding and instilling positive behavioral changes as they relate to protecting information assets. SCIPP International was founded in 2006 and relies on a distinguished Board of Advisors which is composed of an international body of information security luminaries, business executives and training professionals from around the globe. Complete biographies and security awareness course offerings for general end-users and web application developers are available on our website: www.SCIPPinternational.org