Name
PC4. Practical Risk Management
Date & Time
Tuesday, May 9, 2017, 8:00 AM - 4:00 PM
Speakers
Description
Session Description:
In just one day, this highly interactive workshop takes a practical approach to managing information risk without over complicating the process with needlessly elaborate and flawed risk models. Learn the most common reasons why organizations struggle to manage information risk effectively, and how to avoid those same mistakes. A series of case studies and hands-on exercises will demonstrate the application of these techniques in real-life scenarios. No single framework or model will be used in this workshop; instead the strengths of several industry-accepted methodologies will be leveraged and compared depending on how they are best suited to support the risk management process.
Workshop Outline
Analyzing Risk
•Putting Risk into Context
•What is Risk?
•Estimating Risk
•Putting Risk into Context
•What is Risk?
•Estimating Risk
Assessment Process
•Assessment Lifecycle
•Identification and Evaluation
•Vulnerabilities
•Controls Framework
•Threat Modeling
•Facilitated Scenarios
•Treatment and Acceptance
•Risk Communication
•Working with Audit & Regulators Risk
•Assessment Lifecycle
•Identification and Evaluation
•Vulnerabilities
•Controls Framework
•Threat Modeling
•Facilitated Scenarios
•Treatment and Acceptance
•Risk Communication
•Working with Audit & Regulators Risk
Program Design
•Top Down & Ground Up
•Finding the Best Fit
•Governance
•Metrics
•Tracking & Tools
•Program Maturity
•Top Down & Ground Up
•Finding the Best Fit
•Governance
•Metrics
•Tracking & Tools
•Program Maturity
Location Name
Room 703
Full Address
Colorado Convention Center
700 14th Street
Denver, CO 80202
United States
700 14th Street
Denver, CO 80202
United States
Category
PreConference
Speaker Bio(s)
Evan Wheeler is an expert in Information Security and Operational Risk Management for organizations in many critical infrastructure sectors. Wheeler has extensive experience presenting business resilience and cyber threat profiles to Board committees, managing international teams, working directly with regulators, and overseeing security operations. He is a specialist in building and running risk programs for organizations in highly regulated environments. He earned a Master of Science degree in Information Assurance from the NSA certified program at Northeastern University. He also served as a course author and lecturer for graduate programs at Clark University, Northeastern University, and the SANS Institute. He published a book, "Security Risk Management: Building an Information Security Risk Management Program from the Ground Up."
CEUs
8