Best Quotes from "Hacking the Future of Risk Management"

Are we managing cybersecurity risk effectively? In last week’s Super Cyber Friday episode, "Hacking the Future of Risk Management", we dove into baseline risk assessment, potential vulnerabilities associated with third parties, and the evolving landscape of cybersecurity from prevention to resilience with our guests, Meghan Maneval, director of technical product management at ZenGRC, and Jo-Ann Smith, CISO at Long View Systems.

Tip of the hat to John Prokap, CISO, Success Academy Charter Schools, for inspiring the post image for this highlights newsletter.

HUGE thanks to our sponsor ZenGRC

Watch the full video

Join us for our next Super Cyber Friday on Friday [06-09-23] for “Hacking Data Loss: An hour of critical thinking about improving the marriage between data security and cybersecurity.” Register here.

Best quotes from today’s guests

“You need to create a model, find something that works for your organization and stick to it.” - Meghan Maneval, RiskOptics

"Technologists are a lot more conscious of risk management and what that entails. The next step and the big evolution, really in the last year, is tying compliance there as well and using governance to supplement both the IT side of the world and your risk metrics side of the world." - Jo-Ann Smith, Long View Systems

"There's a lot of debate on the best path forward for third party risk. My stance, and the RiskOptics stance on it, is tell us what it does to your business." - Meghan Maneval, RiskOptics

"When we're talking about that third party, that vendor, that provider, what do they do for you? What kind of data do they have access to, or is their tool integrated with different systems? That's really what you have to start with." - Meghan Maneval, RiskOptics

"Today, we're using risk management and risk management processes to supplement our business approach. Two years ago, less so, because it was all kind of siloed." - Jo-Ann Smith, Long View Systems

"We were doing everything on spreadsheets. Risk management as a program didn't exist. Compliance was all on spreadsheets, trying to manage controls was all on another spreadsheet. Then, we were trying to manually create pivot tables between workbooks. It was literally a Gong Show. Moving into a governance risk and compliance tool with Reciprocity way back in the day was a real game changer." - Jo-Ann Smith, Long View Systems

"They're not going to understand the need for faster patching or longer password lengths. But if you go to them and say, 'If we implement these things, we can reduce the risk of X and then you can achieve this goal or move forward in this area,' then they might understand." - Meghan Maneval, RiskOptics

"Risk management, visibility into what's going on in your business as a whole, and what's critical actually really makes a difference." - Jo-Ann Smith, Long View Systems

"My boss, the CEO, says, 'Lock this down, enable DLP, stop all our data from leaking out,' and then I find out after I shut everything off with my controls, that the business was relying on being able to communicate a set amount of data to some customer or a business partner or whoever over the Internet, and I just turned that tap off. That could lead to all kinds of other new risks." - Jo-Ann Smith, Long View Systems

"We're trying to communicate quantitative information with qualitative metrics and it's just not gonna get across. And so that's really where you have to come back to that dollar value or the value to your business." - Meghan Maneval, RiskOptics

"What digital trust really means is a holistic approach to implementing cybersecurity or controls across an organization that not only protects your organization but also protects the consumers of whatever services or products you're selling to them." - Jo-Ann Smith, Long View Systems

"Most organizations haven't really mobilized effectively on the migration from on-premise infrastructure to cloud. They're two very different technology models, and we have incorrectly assumed that our skilled workers who could manage all of our technology on-premise can just leap and do the same thing on the cloud." - Jo-Ann Smith, Long View Systems

"A lot of times, we're talking about vulnerability management here and confusing it with risk management. When you talk about department heads putting all their bonuses and budgets on risk assessments and outcomes, I would scratch the word 'risk assessment' and just say 'outcomes.'" - Meghan Maneval, RiskOptics

"We tie risk to projects, to our compliance program, to our vendor management program, and to our IT and security roadmaps that we produce annually." - Jo-Ann Smith, Long View Systems

Quotes from our audience

“Our companies can't make money without taking risk. I don't agree that new risks are necessarily a setback.” - Phil Beyer, former CISO, Etsy

“Calculate risk the same way the rest of the business, so that they will understand, and the calculations will integrate.” - Michael S., deputy CISO, CorVel Corporation
