Id E183574
Date 27.09.2018

Learning Target:

  • Discuss the benefits of managing your cyber program like a financial investment portfolio
  • Learn how to optimize cyber investments, considering factors such as risk, maturity, and priority
  • Discover the Secure Blueprint Model that enables an innovative process to evaluate a modern comprehensive cybersecurity program:
      • Business Context & Alignment
      • Maps to Industry-Accepted Frameworks (ISO 27K and others)
      • Understand Cyber Maturity & Threats
      • Identify High-Impact Risk Priorities
      • Smart cyber investment decisions


Organizations are not seeing their security investments deliver the level of cyber defense they need, and are more likely than ever before to suffer a breach. At the heart of the problem lies the issue of relevance: CISOs and Risk Officers need better information to guide meaningful security investments.

Kudelski Security’s Secure Blueprint approach helps organizations evaluate their security programs and make continuous improvements. It provides organizations with a visual representation of the security programs as well as the metrics to measure maturity and residual risk, thereby facilitating board-level engagement. The Secure Blueprint method customizes programs to the business priorities, risk appetite, internal context and external threats of an organization, and balances a focus on smart technology solutions with investments in people and process.


  • What to consider to design a cybersecurity program aligned to business objectives
  • How to achieve a holistic view of your security posture
  • What our Cybersecurity Portfolio Management Model is and how it drives continuous improvement
  • How to prioritize initiatives that factor in budget constraints, resources and level of effort

Approach to Risk Management:

Build a security program that is comprehensive, agile, business-aligned and that can be continuously improved.

This course will give you metrics to:

  • track and measure program maturity
  • establish an effective prioritization and investment strategy
  • adapt investments in response to the evolving business context and threat landscape
  • track and represent residual risk

It will also give you:

  • executive dashboards that provide a clear visual representation of security program maturity
  • a framework for effective communication with the board of directors


Martin Dion, Vice-President, EMEA Delivery (Information Assurance & Managed Security Services) at Kudelski Security, has 20+ years of experience in cyber security, mainly in the banking industry (Offshore & Switzerland). Martin’s certifications include: Certified GRC Auditor (GRCA), Certified GRC Professional (GRCP) & OCEG GRCP Trainer, ISO 20000 Lead Auditor & Trainer, CISSP, ISO 27001 Lead Auditor & Trainer, Certified Information Security Manager.

Duration 1 day / 8 CPE
Location Zentrum für Weiterbildung der Universität Zürich
Schaffhauserstrasse 228
8057 Zürich
Max. participants 25 Available seats: 20
Price Members CHF 790.-
Non-members CHF 950.-