How Executives Make Informed Cyber Decisions
Previously held on September 19, 2024
Non-technical executives can truly own cybersecurity when their companies measure, monitor, and manage cybersecurity risk like other parts of their business.
The SEC is only the latest regulator to expect non-technical executives to take ownership of cybersecurity risk management. Regulators argue that when companies pose risks to others those risks needs to be managed, whether they come from business practices, properties, products, or the management of data and networked technologies.
But many businesses struggle with how to communicate technical risks to non-technical executives.
The expert panel will be discussing some of the awkward truths found in HALOCK's SEC 10-K Survey Report and will share techniques for communicating cyber risk to executives well enough that they can make informed cybersecurity decisions.
Speakers
Charity Otwell
Director of CIS Critical Security Controls
Charity has nearly 20 years of experience in the financial services industry and has built and led various programs such as Business Continuity, Disaster Recovery, Technology Governance, and Enterprise Architecture in a highly Regulated environment. Before coming to CIS, Charity was a GRC champion and practitioner with a focus on risk assessment, process optimization, process engineering, and best practice adoption for a top 50 bank within the United States. She also helped manage the relationship with federal regulators and the management of federal regulatory exams. She completed undergraduate and graduate studies in Birmingham, AL and holds multiple industry certifications.
Chris Cronin
Partner at HALOCK Security Labs
Chris Cronin is a partner at HALOCK Security Labs and Chair of the DoCRA Council. He is the principal author of the DoCRA Standard and CIS RAM, Center for Internet Security’s Risk Assessment Method. Chris’ clients include Fortune 100 companies, large and mid-sized organizations, start-ups, litigators, and regulators. Since 2010 Chris has helped his clients manage their information security risks to an evidence-based, reasonable level. Chris’ work as an expert witness has helped his clients, regulators, and litigators evaluate the reasonableness of security controls and programs during regulatory oversight or post-breach legal action. Chris is frequent speaker and cybersecurity writer. He collaborates with peers in industry collaboratives and think tanks, including Sedona Conference, to help bring equity and due care to cybersecurity and risk management.
Phillipe Langlois
Data Breach Investigations Report (DBIR) Author, Verizon
Philippe Langlois is currently working as the lead engineer and author of the Verizon Data Breach Investigations Report (DBIR). Prior to joining Verizon, he worked at CIS leading various data driven projects, such as the CIS Controls and the MS-ISAC Nationwide Cybersecurity Review.
