The full webcast that accompanies this slide deck is available here:
An organization’s investment in security should not stop at simply meeting the compliance standards. A risk-based approach to information security will not only help you achieve continuous compliance, but also protect the information security assets of your organization.
This webcast (click here) and slide deck (below) will discuss ten steps to improve risk and security strategies and provide a simple framework for executing a risk-based security management program.
In addition, Techtonica‘s Daniel Blander (@djbphaedrus) and I share stories about how organizations are successfully relating compliance and security initiatives to risk management and aligning their efforts with business objectives.
We also discuss how enterprises are finding the need to be more proactive in security. Essentially they want to move things from simply focusing on alerting, to provide useful information that actually enables strategic decisions.
Another dynamic at play is that compliance is really beginning to drive conversations around risk management area, this is a result of audits focus on top-down, risk-based compliance.
In addition, there is the need by executive management to more effectively allocate budgets based on objective measures. Since many of these executives are financial professionals, they are accustomed to balancing risk versus reward.
Finally, many of the higher profile information security events and breaches are more visible than ever to non-technical executives and our environment. How many executives in your company read the Wall Street Journal or other digital source of news, then send around lots of links to stories that relate to information security?
This surge of interest provides a prime opportunity for us to engage with them around the importance of what we do every day.