What’s On My Risk Management Wish List

What’s On My Risk Management Wish List


Waiting for the RSA Conference is a bit like counting down the days until Christmas. And RSA with a full conference pass is the security and risk version of the Toys “R” Us Big Toy Book but better– my only limits are good time management, a realistic assessment of logistics, and a pair of comfortable shoes. As I flip through the catalog pages, here’s what I’m adding to my wish list:

 

Sessions I Favorited

Monday, February 24

8:00 AM – FAIR Institute: A FAIR Approach to Cyber and Technology Risk Measurement, Moscone West

Confused about what cyber risk quantification is? Don’t worry, you’re not alone. Cyber risk quantification is mathematical modeling to render the business impact of cyber risk exposure in ­financial terms. As strategic investment in cybersecurity programs increase, security and risk pros need to communicate the ROI of their efforts in a language the business understands — financial terms. To learn more about cyber risk quantification, check out my Tech Tide: Governance, Risk And Compliance Technologies, Q4 2019.

 

1:30 PMRSAC Innovation Sandbox Contest, Moscone South

We hear from Forrester clients time and again that they’re looking for innovation from their vendors; and yet when innovation comes knocking at their door, CISOs are too often reluctant to take on the “undue risk” of working with start-ups or early stage companies. To help you navigate through the third-party risk of working with younger technology vendors, read “Capturing Innovation In Your Security Program” or find me at the Innovation Sandbox checking out the latest and greatest in security and risk technologies.

 

What I’m Hoping to Find

 

Horse-powered engines, not faster horses. Henry Ford said it best: “If I had asked people what they wanted, they would have said faster horses.” With GRC technology adoption at it’s highest levels in almost a decade, many vendors have become so closely aligned with the needs of a subset of customers that they’re neglecting the needs of the broader market; or are so deep inside their echo chamber to see they’re misaligned with where the market is headed. With that, I’ll be scouring the exhibit halls looking for innovation and usability, and on the lookout for technologies that know where to find data that already exists in the enterprise (hint: your data center, payment systems, contract systems, HR technologies, among others). Take it a step further, pinpointing the tech that then connects these disparate data points, and funnels them right into GRC technologies. Don’t make me ask a third-party for data you already have on them. Don’t make me fill out questionnaires with information I just gave  you. Automation is not workflow with a dozen clicks; it’s a process that respects my time and my attention span.

 

If you think your product is a needle in the haystack, Tweet me your booth number @AllaValente and I’ll stop by.

 

Safe travels to all and I’ll see you at RSAC!





Source link

WP Twitter Auto Publish Powered By : XYZScripts.com
Exit mobile version