Did you know that Small & Medium-sized Businesses (SMB) are targets in 75% of cyber attacks? Is your cybersecurity approach based on a set of defensive tools and procedures you have cobbled together over time? Is this approach adequate for dealing with today’s cyber risks? How do you know? Are you finding you are being more reactive than proactive? How can you do something about it?
This 3-hour workshop will address the basic steps to prepare your organization for implementing cybersecurity risk management. It will present a proactive methodology for defining and assessing your cybersecurity risks and then describe a mechanism for developing a plan to deal with them. We will look at the Federal (NIST) Cybersecurity Framework, developed with industry, as it defines a process and procedures for developing a cybersecurity system for an organization.
You will learn how to: 1) describe your current cybersecurity posture; 2) determine your target state for cybersecurity; 3) identify and prioritize opportunities for improvement using a risk management approach; 4) assess progress toward the target state and organizational capability; and 5) improve communications among internal and external stakeholders.
- Analyze your current cybersecurity approach. What are your objectives and critical assets? The five Core cybersecurity Functions: Identify, Protect, Detect, Respond, Recover. Identifying the key cybersecurity process activities required to manage your cybersecurity risks. How to perform a cyber risk assessment and select your key risks and controls.
- Assess your cyber risk management capabilities. How rigorous and sophisticated do your capabilities need to be for your cybersecurity risk management activities?
- Define your cybersecurity risk Profile. What activities are needed to reach your cybersecurity goal(s)? Manage cybersecurity risk in each of the Core cybersecurity Functions and Categories. Which Functional Subcategories have you already implemented, and which others still need to be implemented? By documenting your current state and the desired target state of specific cybersecurity activities, you reveal the gaps that need to be addressed to meet your cybersecurity risk management objectives, and you enable assessment of progress toward meeting those goals.
Date: Wednesday, June 3, 2015
Location: Room 160, Phoenix Convention Center – South Building Hall G.
Visit us in AmCon at Booth 419 (http://www.amconshows.com/phoenix-az/)
Registration fee: $199 (includes FAQ handout on NIST Cybersecurity Framework)
Register online: www.regonline.com/cermphoenix2015
Speaker: Ed Perkins, CIA, CERM, is the developer of the Certified Enterprise Risk Manager® – Cyber Security™ certificate and is an expert on the NIST Risk Management Framework. Ed consults in enterprise risk management, performance and risk auditing, IT governance, process automation, and project management, and holds a Certified Internal Auditor (CIA) designation. He has over 30 years of industry experience in computer operations, operating systems, embedded systems, software development, chip architecture development, design automation, program and project management, design services management, technical writing, and internal auditing. He has managed high-visibility, high-risk IT programs and led cross-functional teams and industry work groups. He can be contacted at: edp@CERMAcademy.com.