Risk & Compliance/Legislation

D1: Beyond Compliance – Leverage Your Next Risk Assessment for Program Improvement

Thursday, June 8, 2023 9:15 AM - 10:15 AM

Room 501/502


External risk assessments and reviews are performed frequently to meet compliance and regulatory requirements but are seldom put to effective use in guiding security program implementation or strategy. To get the most out of your next cybersecurity risk assessment, the assessment, assessment team, and assessment results must be tuned to organizational needs. In this session, we will discuss how to leverage external cybersecurity assessments to support the growth and maturity of the organization's security program. We will cover the creation of an assessment strategy, how to budget, scope and contract an effective cybersecurity risk assessment, how to integrate the assessment findings into an enterprise risk management strategy, and how to recognize and demand key competencies in your external cybersecurity assessment provider.

Learner Objectives

• The learner will be able to specify requirements and contract a quality risk assessment that will support and guide cybersecurity management and strategy.
• The learner will understand the RIIOT data gathering approach to scope the depth and breadth of an assessment.
• The learner will understand the 5 key skills to look for in a quality assessment team: Lists, Observation, Curiosity, Knowledge, and Satisfaction (LOCKS).