(ISC)² Spotlight | Governance, Risk and Compliance

May 3, 2023 ‐ May 4, 2023


Cyber Risk Excellence: Risk Infused with Threat Intelligence, a Secure Culture, and Partnerships

May 3, 2023 10:00am ‐ May 3, 2023 10:45am

Identification: GRC2301

Credits: None available.

The last few years have proven to be an extreme test for organizations as they quickly pivoted to a digital-first environment and faced new operational realities, including an acceleration of cyber threats. Hear how internal collaboration and cyber risk and threat intelligence partnerships drive meaningful conversations about risk tolerance, governance, and policy to support evolving business priorities and create a risk-aware culture across your organization.

You will learn:

1. How to develop cyber risk programs that are well informed by meaningful threat context.

2. Creating a risk-aware culture with leaders and even more broadly across the enterprise.

3. Developing partnership engagement models enabling deeper insights and collaboration across the industry.

  • Brenda Bjerke, CISSP, CIPP, Senior Director of Cybersecurity, Target

Cyber Risk Management Strategies - A CISO’s Perspective

May 3, 2023 10:55am ‐ May 3, 2023 11:55am

Identification: GRC2302

Credits: None available.

In this presentation we will examine the balance between cyber risk and operational business requirements. We will discuss how to select a security framework and develop a vulnerability management strategy tailored to your organizational needs. The impact of laws and regulations on security programs, and the importance of written information security policies and procedures, will also be covered. Overall, our focus will be on how the ability to make risk-aware decisions is critical to the success of cybersecurity leaders and the effectiveness of their security programs.

  • Andrew K. Smeaton, CISSP, CISM, CISA, CGEIT, CRISC, Chief Information Security Officer, Afiniti
  • Greg Rogers, Chief Information Security Officer, Legal and General America

Regulatory Operations: Understanding the Impact and How to Improve, Sponsored by RegScale

May 3, 2023 12:05pm ‐ May 3, 2023 1:05pm

Identification: GRC2303

Credits: None available.

In today's heavily regulated business environment, Governance, Risk, and Compliance (GRC) teams are spending an increasing amount of time and resources collecting evidence to demonstrate regulatory compliance and prepare for audits. Many organizations view compliance as burdensome and haven’t found a better way…until now. In this panel, learn from industry experts about the transformational impact of regulatory operations, and how organizations can improve their compliance efforts to not only meet regulatory requirements but also manage, monitor and report risk and compliance state in real time, improve collaboration, and keep up with changing regulations. We will explore the challenges of regulatory compliance, including the significant time and resource investments required, and discuss strategies for streamlining compliance processes.

Join us to learn how to implement regulatory operations (RegOps) and achieve greater value out of your GRC program.

  • Anil Karmel, Co-founder and CEO, RegScale, Inc.
  • Jenai Marinkovic, Executive Director, GRCIE & vCISO Tiro Security, GRC for Intelligent Ecosystems (GRCIE)
  • Opal El, DSc, CISSP, PMP, Information System Security Engineer

Third-Party Risk Management: What You Don’t Know CAN Hurt You - Sponsored by AuditBoard

May 4, 2023 10:00am ‐ May 4, 2023 11:00am

Identification: GRC2304

Credits: None available.

Who has access to your company’s data and what risks do they pose to your organization? While these questions seem basic, most organizations cannot confidently answer them, despite an accelerating trend of third-party threats and incidents. Building a robust third-party risk program is complex and takes time. Building a program that allows information security teams to be strategic in managing third-party risks is even more challenging. During this session, we will guide you through how to successfully implement a strategic and technology-enabled third-party risk program to manage this emerging source of risk.


Cyber Risk is Business Risk: Maximizing Your Cyber Insurance Coverage with Attack Surface Risk Management - Sponsored by Trend Micro

May 4, 2023 11:10am ‐ May 4, 2023 12:10pm

Identification: GRC2305

Credits: None available.

In today's rapidly evolving digital landscape, cyberattacks are becoming more frequent and sophisticated. This session explores how attack surface risk management empowers businesses to have productive conversations with underwriters to find the right cyber-insurance coverage. By providing a comprehensive understanding of a company's attack surface, organizations can identify and address potential security gaps in the digital environment, minimizing risk exposure. Join this session to learn more about this critical component of cybersecurity risk management.


Building Your Risk Management Program for Success

May 4, 2023 12:20pm ‐ May 4, 2023 1:05pm

Identification: GRC2306

Credits: None available.

Join in the discussion as experts in privacy, third-party risk, and information security take you through the strategic points you need to consider when building a successful cyber risk management program. Walk away with insights on effective strategies to assess, analyze, communicate and mitigate cyber risk while establishing, or integrating with, your organization’s enterprise risk management program.
