NOT22104. Are You Addressing the Right Risks in Cybersecurity?

A risk assessment is the foundation of an information security and cybersecurity program. Additionally, it is also a requirement of the Gramm-Leach-Bliley Act (GLBA). We will provide a risk assessment template to help participants identify risk and adequately evaluate their current controls. This process will help ensure management is addressing the right risk with the correct controls. This workshop will be using real world examples provided by a current CIO in the Higher Education Community and a long time Information Security Officer turned IT Auditor. Users will leave the workshop with a greater knowledge of what to look for and a checklist of high risk items to evaluate their own organizations.

Learning Objectives:

• Determine IT risk and implementing establishing controls to remediate that risk, and submitting to stakeholders for their approval
• Identify the process from risk detection through enforcing risk reducing controls in policy in accordance with the GLBA
• Distinguish the importance of data classification to the risk assessment process.