Information Security And Risk Management: Program Structure And Value Add
Mr. Leo has trained over 15,000 CISSP candidates since 1998, and nearly 5000 in HIPAA privacy and security compliance since 2004, including law enforcement and attorneys. Mr. Leo has provided Expert Witness services in several cases concerning compliance issues with regard to the impact of HIPAA on the subject matter and privacy violations.
Over the course of Mr. Leo’s career since 1980, he worked in Security and Privacy as a contractor at Johnson Space Center from 1980 to 2002, in his final years in the role of Program Manager, Chief Security Architect and Chief Security Officer for Mission Operations for the Shuttle and Space Station programs. From 2002 to 2006 he worked for the University of Texas-Galveston as Chief Information Security Officer and Director of IT for the Correctional Managed Care Division, establishing a complete security, privacy and compliance program for the organization. He then began a new chapter as a security and privacy consultant devoted entirely to Healthcare clients.
He is a Charter member of the EC-Council Certified Hacking Forensic Investigator (CHFI) Advisory Board, a global panel of experts working to establish professional standards and practices in data forensics, and he serves on scientific working groups at NIST in both Cloud Security and Forensics. He serves on The American Board of Forensic Engineering and Technology (ABFET) for The American College of Forensic Examiners Institute (ACFEI) and holds several certifications from ISC2 and ISACA. Mr. Leo has been accorded Fellow status by the American Board for Certification in Homeland Security (ABCHS).
This discussion will follow this agenda:
- What is risk analysis and what is it supposed to do?
- What does it tell you and what does it not tell you?
- Why are there so many seemingly different “frameworks”?
- Is one better than another?
- Implementation of Risk Management as a “cultural” aspect in the org
Areas Covered
- The Essence of Risk Analysis and Risk Management
  o Examples of Risk Management Frameworks
    - NIST RMF
    - FAIR
    - ISACA IT Risk
  o Similarities and Differences
  o How to evaluate, how to choose
  o Program Development: Evolution, not Revolution
  o Remediation Strategy: making informed mitigation choices
- The Risk Analysis Process and its greater business value
Who Should Attend
CISO, CPO, Legal Counsel, IT Management, Operations Officers, Compliance Officers, Privacy Officers, and Security Officers.
Why Should You Attend
- What factors should be considered?
- How to choose the appropriate framework when they vary widely from very qualitative to highly quantitative?
- What really is the difference between these two types?
- Is there really a difference between them and why does it matter?
- How do I explain the methodology, calculations, and results to a non-cybersecurity audience?
- These and other commonly asked questions will be addressed during this seminar.
Topic Background
The idea of basing cybersecurity program actions on an analysis of the various risks faced by an organization has been around for decades. Over time it has evolved and matured in both structure and approach, and analytical methods have emerged to define and structure the relevant elements and their interactions. Two basic questions remain, though: how to choose the method that suits a given context, and how to overcome the natural resistance to accepting results from a process that is often criticized for its perceived uncertainty when used to drive cybersecurity mitigation strategy.
$200.00