CISO Executive Network Tuesday, October 13, 2020
Threat, Vulnerability, & Third Party Risk Management
The board should probably never hear you talk about vulnerabilities. Speak in the language of RISK; it is a term they are accustomed to. What metrics are you reporting to the board? Register for our next roundtable and hear from your peers about effective board-level metrics for your cyber security program.
The past year has provided ample evidence that companies need to understand their cyber threats and risks more effectively. Across supply chain risk, third-party risk, and overall threat, vulnerability and risk management, CISOs need better ways to calculate risk and report it to their companies. Assessments and dashboards are an important part of any good cybersecurity threat and risk management program, and CISOs should be looking for ways to collect better metrics and report them in terms that make sense to the business. Ultimately, what are we showing upper management and the board that gives them confidence we have a handle on cyber risk?
Topics we will likely discuss:
- Threat, vulnerability & risk management metrics and reporting
- Threat modeling best practices
- The advent of the digital risk protection market and new sources of threat intel
- Vulnerability tracking and management
- Risk measurement based on key frameworks such as NIST and ISO
- How much risk can business units accept, and are we tracking it?
- Risk registers and their effectiveness
- Best practices for board reporting
- Third-party risk assessment and best practices
- Where third-party risk management (TPRM) belongs in the organization: is it part of enterprise risk management (ERM)?
- Feasibility of continuous monitoring of third parties
- The connection between governance, risk and compliance (GRC) and third-party risk management
Sponsored by Synack, CyberArk, Okta