Priyanka Aash, profile picture
Uploaded byPriyanka Aash
487 views

Partnership with a CFO: On the Front Line of Cybersecurity

This document summarizes a presentation given by Terry Ragsdale, CFO of LSQ Funding Group, and Dr. Christopher Pierson, CSO and GC of Viewpost, on partnering with the CFO on cybersecurity issues. The presentation outlines 4 key areas of focus: understanding drivers of the CFO and CSO roles, educating partners on relevant cybersecurity issues and risks, making compelling arguments using financial impacts, and establishing proper governance and team structures. It provides examples of discussing risks in terms of financial metrics like costs of data breaches and potential cost savings from security controls. The goal is to help CFOs and CSOs better align cybersecurity with business priorities and funding.

Embed presentation

Downloaded 27 times
SESSION ID: #RSAC Terry Ragsdale Partnership with a CFO: On the Front Line of Cybersecurity GRC-T11 CFO LSQ Funding Group Dr. Christopher Pierson CSO and GC Viewpost @DrChrisPierson
#RSAC Setting the Stage 2
#RSAC Setting the Stage 3 Ernst & Young: Americas March 2014 CFO: need to know insights for CFOs PwC's 2015 Annual Corporate Directors Survey enRaged?enRaged?
#RSAC Setting the Stage 4 Ernst & Young: Partnering for performance Part 3: the CFO and the CIO
#RSAC Setting the Stage 5 4 Key Areas: Understanding Drivers Educating Partners Compelling Arguments Governance & Team
#RSAC Understanding Drivers
#RSAC Understanding the Drivers 7 CFO Goals: Business Opportunities Generate Profit Business Predictability Board & Investor Relations Funding/Capital Raises CSO/CISO Goals: Not in the News Reduce Risk/Keep Safe Business Enabler
#RSAC Understanding the Drivers 8 Execution: Trusting the Numbers Making them Confess Enablement: House in Order Funding the Strategy Development: Defining the Strategy Telling the Story EY-CFO-need-to-know-Insights-for-CFOs
#RSAC Understanding the Drivers 9 Risk Reduction Frequency Severity Likelihood Metrics to Illustrate Customer Trust Ignoring the 0.1% Risks
#RSAC Educating Partners
#RSAC Educating Partners: News 11 Cybersecurity Incidents: Your Sector Nationwide Risk Management Data Risk Data from Insurers Financial/GAAP Publications Target CFO Testifying before Congress in 2015
#RSAC Educating Partners: Technology 12 Focus on Consumer Tech Focus on Impact not Tech Risk not Security (directly) Bring back to Business Transition to Company
#RSAC Educating Partners: Board/Executives 13 Intense Board Attention Reputational Impact Differs Credibility is a Business Value SEC Oversight Shareholder Derivative SuitsKPMG: Connecting the dots: A proactive approach to cybersecurity oversight in the boardroom
#RSAC Compelling Arguments
#RSAC Compelling Arguments: What works? 15 Financial Arguments? Cost Savings Risk Details Security Studies/Risk Studies? Breach Costs Cybercrime Costs Litigation Costs Evidence of Current/Past Issues? Tied to Past Control Costs
#RSAC Compelling Arguments: What works? 16 Tying Controls to Business Goals? Shifting CapEx to OpEx (from Balance Sheet)? Streamlining Efficiencies? Current News? Fear Mongering?
#RSAC Compelling Arguments: What works? 17
#RSAC Compelling Arguments: Hypothetical 18 MDM Management & Encryption Average Cost of Data Breach in U.S. $154 yr./record Average Number of Records on Devices – 1,000 Costs of Encryption and MDM per device is $250/yr. per device
#RSAC Governance & Team
#RSAC Governance & Team: Risks, Options 20 How do you Communicate the Risk? Tracking Results Ensuring Controls and Budget Solve for Meaningful Business Tie Business Wins to Team Efforts
#RSAC Now What? Application
#RSAC Start Now Weeks & Months Ahead Within One Year Collecting Newsworthy Articles Business Goals, Priorities, and Opportunities for Cyber through Business Evolution Tie budget to true risks that have surfaced recently – especially among competitors Reviewing Consulting, Board, GAAP, NACD, and Financial Guidance Materials (KPMG, EY, PwC, and Deloitte) Review and Track Monetary Research (Ponemon, Gartner, Data Breach) Transition budget from CapEx to OpEx models where possible and show 3-5 yr. cost savings Personal technologies to latch onto in terms of risk or business advantage Options for Enterprise Risk Management partnerships or committees Getting Board and Executive Management Interest and create business value Research your CFO, Board members, other Execs Meet with the CFO when you do not need anything Seek financial learning opportunities; help CFO Time to Apply! 22
#RSAC Thanks & Contact 23 Dr. Christopher Pierson Chief Security Officer & GC Viewpost cpierson@viewpost.com Terry Ragsdale Chief Financial Officer LSQ Funding Group tragsdale@lsq.com

More Related Content

PDF
From Cave Man to Business Man, the Evolution of the CISO to CIRO
byPriyanka Aash
 
PDF
How to Steer Cyber Security with Only One KPI: The Cyber Risk Resilience
byPriyanka Aash
 
PDF
Bridging the Gap Between Threat Intelligence and Risk Management
byPriyanka Aash
 
PDF
Security Program Development for the Hipster Company
byPriyanka Aash
 
PDF
Super CISO 2020: How to Keep Your Job
byPriyanka Aash
 
PDF
Make IR Effective with Risk Evaluation and Reporting
byPriyanka Aash
 
PDF
Data Science Transforming Security Operations
byPriyanka Aash
 
PDF
Demystifying Security Analytics: Data, Methods, Use Cases
byPriyanka Aash
 
From Cave Man to Business Man, the Evolution of the CISO to CIRO
byPriyanka Aash
 
How to Steer Cyber Security with Only One KPI: The Cyber Risk Resilience
byPriyanka Aash
 
Bridging the Gap Between Threat Intelligence and Risk Management
byPriyanka Aash
 
Security Program Development for the Hipster Company
byPriyanka Aash
 
Super CISO 2020: How to Keep Your Job
byPriyanka Aash
 
Make IR Effective with Risk Evaluation and Reporting
byPriyanka Aash
 
Data Science Transforming Security Operations
byPriyanka Aash
 
Demystifying Security Analytics: Data, Methods, Use Cases
byPriyanka Aash
 

What's hot

PDF
The Measure of Success: Security Metrics to Tell Your Story
byPriyanka Aash
 
PDF
The five secrets of high performing cisos
byPriyanka Aash
 
PDF
IANS 2015 RSA Presentation
byAndrew Sanders
 
PPTX
Effective Security Operation Center - present by Reza Adineh
byReZa AdineH
 
PPTX
Critical Capabilities for MDR Services - What to Know Before You Buy
byFidelis Cybersecurity
 
PDF
Soc 2030-socs-are-broken-lets-fix- them
byPriyanka Aash
 
PPTX
Review on Event Correlation- مروری بر روش های همبسته سازی در مدیریت رخداد
byReZa AdineH
 
PDF
Building a Strategic Plan for Your Security Awareness Program
byPriyanka Aash
 
PDF
Kevin Watkins, Enterprise Security Architect at BAT - BAT’s Managed Security ...
byGlobal Business Events
 
PDF
Insights from-NSAs-cybersecurity-threat-operations-center
byPriyanka Aash
 
PDF
Vulnerability management - beyond scanning
byVladimir Jirasek
 
PDF
DATA BREACH LITIGATION HOW TO AVOID IT AND BE BETTER PREPARED
byPriyanka Aash
 
PDF
Pulling our-socs-up
byPriyanka Aash
 
PDF
Embracing Threat Intelligence and Finding ROI in Your Decision
byCylance
 
PDF
Vendor Security Practices: Turn the Rocks Over Early and Often
byPriyanka Aash
 
PPTX
Be the Hunter
byRahul Neel Mani
 
PDF
Building an Effective Supply Chain Security Program
byPriyanka Aash
 
PPTX
Ivan dragas get ahead of cybercrime
byDejan Jeremic
 
PDF
DETECTE E INVESTIGUE LAS AMENAZAS AVANZADAS
byCristian Garcia G.
 
PDF
To MSSP or not to MSSP IISF 2015
byPaul Hogan
 
The Measure of Success: Security Metrics to Tell Your Story
byPriyanka Aash
 
The five secrets of high performing cisos
byPriyanka Aash
 
IANS 2015 RSA Presentation
byAndrew Sanders
 
Effective Security Operation Center - present by Reza Adineh
byReZa AdineH
 
Critical Capabilities for MDR Services - What to Know Before You Buy
byFidelis Cybersecurity
 
Soc 2030-socs-are-broken-lets-fix- them
byPriyanka Aash
 
Review on Event Correlation- مروری بر روش های همبسته سازی در مدیریت رخداد
byReZa AdineH
 
Building a Strategic Plan for Your Security Awareness Program
byPriyanka Aash
 
Kevin Watkins, Enterprise Security Architect at BAT - BAT’s Managed Security ...
byGlobal Business Events
 
Insights from-NSAs-cybersecurity-threat-operations-center
byPriyanka Aash
 
Vulnerability management - beyond scanning
byVladimir Jirasek
 
DATA BREACH LITIGATION HOW TO AVOID IT AND BE BETTER PREPARED
byPriyanka Aash
 
Pulling our-socs-up
byPriyanka Aash
 
Embracing Threat Intelligence and Finding ROI in Your Decision
byCylance
 
Vendor Security Practices: Turn the Rocks Over Early and Often
byPriyanka Aash
 
Be the Hunter
byRahul Neel Mani
 
Building an Effective Supply Chain Security Program
byPriyanka Aash
 
Ivan dragas get ahead of cybercrime
byDejan Jeremic
 
DETECTE E INVESTIGUE LAS AMENAZAS AVANZADAS
byCristian Garcia G.
 
To MSSP or not to MSSP IISF 2015
byPaul Hogan
 

Viewers also liked

PDF
Integrated Security Operations Center (ISOC) for Cybersecurity Collaboration
byPriyanka Aash
 
PDF
Security Program Development for the Hipster Company
byPriyanka Aash
 
PDF
7 cyber security questions for boards
byPaul McGillicuddy
 
PPTX
Cyber crime and security ppt
byLipsita Behera
 
PDF
Cyber Risk Management in 2017: Challenges & Recommendations
byUlf Mattsson
 
PDF
State of Cybersecurity: 2016 Findings and Implications
byPriyanka Aash
 
PDF
Cybersecurity and The Board
byPaul Melson
 
Integrated Security Operations Center (ISOC) for Cybersecurity Collaboration
byPriyanka Aash
 
Security Program Development for the Hipster Company
byPriyanka Aash
 
7 cyber security questions for boards
byPaul McGillicuddy
 
Cyber crime and security ppt
byLipsita Behera
 
Cyber Risk Management in 2017: Challenges & Recommendations
byUlf Mattsson
 
State of Cybersecurity: 2016 Findings and Implications
byPriyanka Aash
 
Cybersecurity and The Board
byPaul Melson
 

Similar to Partnership with a CFO: On the Front Line of Cybersecurity

PDF
Briefing the board lessons learned from cisos and directors
byPriyanka Aash
 
PDF
Don't Get Left In The Dust How To Evolve From Ciso To Ciro
byPriyanka Aash
 
PPTX
Ten Tenets of CISO Success
byFrank Kim
 
PDF
Building an effective Information Security Roadmap
byElliott Franklin
 
PDF
There’s No Such Thing as a Cyber-Risk
byPriyanka Aash
 
PDF
12 Top Talks from the 2017 R-CISC Summit
byTripwire
 
PPTX
vCISO Overview Virtual CISO Chief Information Security Officer
byabstmsecure
 
PDF
Think You’re Covered? Think Again. Cybersecurity, Data Privacy, Payments Frau...
byWithum
 
PDF
The 7 Factors of CISO Impact at RSA 2015
byIANS
 
PDF
No more security empires - The ciso as an individual contributor
byPriyanka Aash
 
PDF
Adaptive & Unified Approach to Risk Management & Compliance-via-ccf
byawish11
 
PDF
Less tech more talk the future of the ciso role
byPriyanka Aash
 
PDF
Rsac2015 burns-fighting the right battle
byBill Burns
 
PDF
Top 5 secrets to successfully jumpstarting your cyber-risk program
byPriyanka Aash
 
PPTX
2016 Risk Management Workshop
byStacy Willis
 
PPTX
The Gathering Storm
byInnoTech
 
PDF
Risk & Advisory Services: Quarterly Risk Advisor Nov. 2015
byCBIZ, Inc.
 
PDF
SBIC Report : Transforming Information Security: Future-Proofing Processes
byEMC
 
PDF
Critical hygiene for preventing major breaches
byPriyanka Aash
 
PDF
Presentation crafting your active security management strategy 3 keys and 4...
byxKinAnx
 
Briefing the board lessons learned from cisos and directors
byPriyanka Aash
 
Don't Get Left In The Dust How To Evolve From Ciso To Ciro
byPriyanka Aash
 
Ten Tenets of CISO Success
byFrank Kim
 
Building an effective Information Security Roadmap
byElliott Franklin
 
There’s No Such Thing as a Cyber-Risk
byPriyanka Aash
 
12 Top Talks from the 2017 R-CISC Summit
byTripwire
 
vCISO Overview Virtual CISO Chief Information Security Officer
byabstmsecure
 
Think You’re Covered? Think Again. Cybersecurity, Data Privacy, Payments Frau...
byWithum
 
The 7 Factors of CISO Impact at RSA 2015
byIANS
 
No more security empires - The ciso as an individual contributor
byPriyanka Aash
 
Adaptive & Unified Approach to Risk Management & Compliance-via-ccf
byawish11
 
Less tech more talk the future of the ciso role
byPriyanka Aash
 
Rsac2015 burns-fighting the right battle
byBill Burns
 
Top 5 secrets to successfully jumpstarting your cyber-risk program
byPriyanka Aash
 
2016 Risk Management Workshop
byStacy Willis
 
The Gathering Storm
byInnoTech
 
Risk & Advisory Services: Quarterly Risk Advisor Nov. 2015
byCBIZ, Inc.
 
SBIC Report : Transforming Information Security: Future-Proofing Processes
byEMC
 
Critical hygiene for preventing major breaches
byPriyanka Aash
 
Presentation crafting your active security management strategy 3 keys and 4...
byxKinAnx
 

More from Priyanka Aash

PDF
Oh, the Possibilities - Balancing Innovation and Risk with Generative AI.pdf
byPriyanka Aash
 
PDF
Cyber Defense Matrix Workshop - RSA Conference
byPriyanka Aash
 
PDF
A Constitutional Quagmire - Ethical Minefields of AI, Cyber, and Privacy.pdf
byPriyanka Aash
 
PDF
GenAI Opportunities and Challenges - Where 370 Enterprises Are Focusing Now.pdf
byPriyanka Aash
 
PDF
Techniques for Automatic Device Identification and Network Assignment.pdf
byPriyanka Aash
 
PDF
Coordinated Disclosure for ML - What's Different and What's the Same.pdf
byPriyanka Aash
 
PDF
Finetuning GenAI For Hacking and Defending
byPriyanka Aash
 
PDF
Lessons Learned from Developing Secure AI Workflows.pdf
byPriyanka Aash
 
PDF
Redefining Cybersecurity with AI Capabilities
byPriyanka Aash
 
PPTX
AI Code Generation Risks (Ramkumar Dilli, CIO, Myridius)
byPriyanka Aash
 
PDF
Securing AI - There Is No Try, Only Do!.pdf
byPriyanka Aash
 
PDF
10 Key Challenges for AI within the EU Data Protection Framework.pdf
byPriyanka Aash
 
PDF
Cracking the Code - Unveiling Synergies Between Open Source Security and AI.pdf
byPriyanka Aash
 
PDF
From Chatbot to Destroyer of Endpoints - Can ChatGPT Automate EDR Bypasses (1...
byPriyanka Aash
 
PDF
(CISOPlatform Summit & SACON 2024) Kids Cyber Security .pdf
byPriyanka Aash
 
PDF
Keynote : AI & Future Of Offensive Security
byPriyanka Aash
 
PDF
Keynote : Presentation on SASE Technology
byPriyanka Aash
 
PDF
Demystifying Neural Networks And Building Cybersecurity Applications
byPriyanka Aash
 
PDF
(CISOPlatform Summit & SACON 2024) Cyber Insurance & Risk Quantification.pdf
byPriyanka Aash
 
PDF
(CISOPlatform Summit & SACON 2024) Regulation & Response In Banks.pdf
byPriyanka Aash
 
Oh, the Possibilities - Balancing Innovation and Risk with Generative AI.pdf
byPriyanka Aash
 
Cyber Defense Matrix Workshop - RSA Conference
byPriyanka Aash
 
A Constitutional Quagmire - Ethical Minefields of AI, Cyber, and Privacy.pdf
byPriyanka Aash
 
GenAI Opportunities and Challenges - Where 370 Enterprises Are Focusing Now.pdf
byPriyanka Aash
 
Techniques for Automatic Device Identification and Network Assignment.pdf
byPriyanka Aash
 
Coordinated Disclosure for ML - What's Different and What's the Same.pdf
byPriyanka Aash
 
Finetuning GenAI For Hacking and Defending
byPriyanka Aash
 
Lessons Learned from Developing Secure AI Workflows.pdf
byPriyanka Aash
 
Redefining Cybersecurity with AI Capabilities
byPriyanka Aash
 
AI Code Generation Risks (Ramkumar Dilli, CIO, Myridius)
byPriyanka Aash
 
Securing AI - There Is No Try, Only Do!.pdf
byPriyanka Aash
 
10 Key Challenges for AI within the EU Data Protection Framework.pdf
byPriyanka Aash
 
Cracking the Code - Unveiling Synergies Between Open Source Security and AI.pdf
byPriyanka Aash
 
From Chatbot to Destroyer of Endpoints - Can ChatGPT Automate EDR Bypasses (1...
byPriyanka Aash
 
(CISOPlatform Summit & SACON 2024) Kids Cyber Security .pdf
byPriyanka Aash
 
Keynote : AI & Future Of Offensive Security
byPriyanka Aash
 
Keynote : Presentation on SASE Technology
byPriyanka Aash
 
Demystifying Neural Networks And Building Cybersecurity Applications
byPriyanka Aash
 
(CISOPlatform Summit & SACON 2024) Cyber Insurance & Risk Quantification.pdf
byPriyanka Aash
 
(CISOPlatform Summit & SACON 2024) Regulation & Response In Banks.pdf
byPriyanka Aash
 

Recently uploaded

PDF
Mastering Agentic Orchestration with UiPath Maestro | Hands on Workshop
byUiPathCommunity
 
PPTX
"Feelings versus facts: why metrics are more important than intuition", Igor ...
byFwdays
 
PDF
ODSC AI West: Agent Optimization: Beyond Context engineering
byShashikant Jagtap
 
PDF
[BDD 2025 - Artificial Intelligence] Building AI Systems That Users (and Comp...
byWintari Yasmin
 
PDF
Transforming Supply Chains with Amazon Bedrock AgentCore (AWS Swiss User Grou...
byChris Bingham
 
PDF
Mulesoft Meetup Online Portuguese: MCP e IA
byPedro Baroni
 
PDF
The Evolving Role of the CEO in the Age of AI
byPipal Tree Services Executive Search Firm
 
PDF
[DevFest Strasbourg 2025] - NodeJs Can do that !!
bymoassiongbon
 
PPTX
MuleSoft AI Series : Introduction to MCP
byMulesoftMunichMeetup
 
PDF
Accessibility & Inclusion: What Comes Next. Presentation of the Digital Acces...
byAssociazione Digital Days
 
PDF
So You Want to Work at Google | DevFest Seattle 2025
byMargaret Maynard-Reid
 
PDF
[BDD 2025 - Mobile Development] Exploring Apple’s On-Device FoundationModels
byWintari Yasmin
 
PDF
10 Best Automation QA Testing Software Tools in 2025.pdf
byRohitBhandari66
 
PPTX
Guardrails in Action - Ensuring Safe AI with Azure AI Content Safety.pptx
byUdaiappa Ramachandran
 
PDF
Top Crypto Supers 15th Report November 2025
byStephen Perrenod
 
PDF
Lets Build a Serverless Function with Kiro
byChris Bingham
 
PDF
[BDD 2025 - Full-Stack Development] The Modern Stack: Building Web & AI Appli...
byWintari Yasmin
 
PPTX
The power of Slack and MuleSoft | Bangalore MuleSoft Meetup #60
byshyamraj55
 
PDF
Crane Accident Prevention Guide: Key OSHA Regulations for Safer Operations
bySharpEagle Technology
 
PPTX
UFCD 0797 - SISTEMAS OPERATIVOS_Unidade Completa.pptx
byscribddobruno
 
Mastering Agentic Orchestration with UiPath Maestro | Hands on Workshop
byUiPathCommunity
 
"Feelings versus facts: why metrics are more important than intuition", Igor ...
byFwdays
 
ODSC AI West: Agent Optimization: Beyond Context engineering
byShashikant Jagtap
 
[BDD 2025 - Artificial Intelligence] Building AI Systems That Users (and Comp...
byWintari Yasmin
 
Transforming Supply Chains with Amazon Bedrock AgentCore (AWS Swiss User Grou...
byChris Bingham
 
Mulesoft Meetup Online Portuguese: MCP e IA
byPedro Baroni
 
The Evolving Role of the CEO in the Age of AI
byPipal Tree Services Executive Search Firm
 
[DevFest Strasbourg 2025] - NodeJs Can do that !!
bymoassiongbon
 
MuleSoft AI Series : Introduction to MCP
byMulesoftMunichMeetup
 
Accessibility & Inclusion: What Comes Next. Presentation of the Digital Acces...
byAssociazione Digital Days
 
So You Want to Work at Google | DevFest Seattle 2025
byMargaret Maynard-Reid
 
[BDD 2025 - Mobile Development] Exploring Apple’s On-Device FoundationModels
byWintari Yasmin
 
10 Best Automation QA Testing Software Tools in 2025.pdf
byRohitBhandari66
 
Guardrails in Action - Ensuring Safe AI with Azure AI Content Safety.pptx
byUdaiappa Ramachandran
 
Top Crypto Supers 15th Report November 2025
byStephen Perrenod
 
Lets Build a Serverless Function with Kiro
byChris Bingham
 
[BDD 2025 - Full-Stack Development] The Modern Stack: Building Web & AI Appli...
byWintari Yasmin
 
The power of Slack and MuleSoft | Bangalore MuleSoft Meetup #60
byshyamraj55
 
Crane Accident Prevention Guide: Key OSHA Regulations for Safer Operations
bySharpEagle Technology
 
UFCD 0797 - SISTEMAS OPERATIVOS_Unidade Completa.pptx
byscribddobruno
 

Partnership with a CFO: On the Front Line of Cybersecurity

  • 1.
    SESSION ID: #RSAC Terry Ragsdale Partnershipwith a CFO: On the Front Line of Cybersecurity GRC-T11 CFO LSQ Funding Group Dr. Christopher Pierson CSO and GC Viewpost @DrChrisPierson
  • 2.
  • 3.
    #RSAC Setting the Stage 3 Ernst& Young: Americas March 2014 CFO: need to know insights for CFOs PwC's 2015 Annual Corporate Directors Survey enRaged?enRaged?
  • 4.
    #RSAC Setting the Stage 4 Ernst& Young: Partnering for performance Part 3: the CFO and the CIO
  • 5.
    #RSAC Setting the Stage 5 4Key Areas: Understanding Drivers Educating Partners Compelling Arguments Governance & Team
  • 6.
  • 7.
    #RSAC Understanding the Drivers 7 CFOGoals: Business Opportunities Generate Profit Business Predictability Board & Investor Relations Funding/Capital Raises CSO/CISO Goals: Not in the News Reduce Risk/Keep Safe Business Enabler
  • 8.
    #RSAC Understanding the Drivers 8 Execution: Trustingthe Numbers Making them Confess Enablement: House in Order Funding the Strategy Development: Defining the Strategy Telling the Story EY-CFO-need-to-know-Insights-for-CFOs
  • 9.
    #RSAC Understanding the Drivers 9 RiskReduction Frequency Severity Likelihood Metrics to Illustrate Customer Trust Ignoring the 0.1% Risks
  • 10.
  • 11.
    #RSAC Educating Partners: News 11 CybersecurityIncidents: Your Sector Nationwide Risk Management Data Risk Data from Insurers Financial/GAAP Publications Target CFO Testifying before Congress in 2015
  • 12.
    #RSAC Educating Partners: Technology 12 Focuson Consumer Tech Focus on Impact not Tech Risk not Security (directly) Bring back to Business Transition to Company
  • 13.
    #RSAC Educating Partners: Board/Executives 13 IntenseBoard Attention Reputational Impact Differs Credibility is a Business Value SEC Oversight Shareholder Derivative SuitsKPMG: Connecting the dots: A proactive approach to cybersecurity oversight in the boardroom
  • 14.
  • 15.
    #RSAC Compelling Arguments: Whatworks? 15 Financial Arguments? Cost Savings Risk Details Security Studies/Risk Studies? Breach Costs Cybercrime Costs Litigation Costs Evidence of Current/Past Issues? Tied to Past Control Costs
  • 16.
    #RSAC Compelling Arguments: Whatworks? 16 Tying Controls to Business Goals? Shifting CapEx to OpEx (from Balance Sheet)? Streamlining Efficiencies? Current News? Fear Mongering?
  • 17.
  • 18.
    #RSAC Compelling Arguments: Hypothetical 18 MDMManagement & Encryption Average Cost of Data Breach in U.S. $154 yr./record Average Number of Records on Devices – 1,000 Costs of Encryption and MDM per device is $250/yr. per device
  • 19.
  • 20.
    #RSAC Governance & Team:Risks, Options 20 How do you Communicate the Risk? Tracking Results Ensuring Controls and Budget Solve for Meaningful Business Tie Business Wins to Team Efforts
  • 21.
  • 22.
    #RSAC Start Now Weeks& Months Ahead Within One Year Collecting Newsworthy Articles Business Goals, Priorities, and Opportunities for Cyber through Business Evolution Tie budget to true risks that have surfaced recently – especially among competitors Reviewing Consulting, Board, GAAP, NACD, and Financial Guidance Materials (KPMG, EY, PwC, and Deloitte) Review and Track Monetary Research (Ponemon, Gartner, Data Breach) Transition budget from CapEx to OpEx models where possible and show 3-5 yr. cost savings Personal technologies to latch onto in terms of risk or business advantage Options for Enterprise Risk Management partnerships or committees Getting Board and Executive Management Interest and create business value Research your CFO, Board members, other Execs Meet with the CFO when you do not need anything Seek financial learning opportunities; help CFO Time to Apply! 22
  • 23.
    #RSAC Thanks & Contact 23 Dr.Christopher Pierson Chief Security Officer & GC Viewpost cpierson@viewpost.com Terry Ragsdale Chief Financial Officer LSQ Funding Group tragsdale@lsq.com