Governance, Risk and Compliance
Security Congress Abstract
Lloyd Diernisse, CISSP, CCSP, LSSBB, PMP, CSM, CMMI-A, ITIL-F
Cybersecurity Consultant to the U.S. Government
Consultant
Risk management is often implemented according to ISO 31000:2018, or Gartner’s Continuous Adaptive Risk and Trust Assessment (CARTA) imperatives, or the U.S. government’s Risk Management Framework (RMF), among other approaches. These are highly regarded attempts to provide a clear and disciplined approach for managing risks, and they are great tools. However, when used in isolation, none protect as well as a collective approach would.
This presentation focuses on the strengths and weaknesses of various approaches in a multi-dimensional enterprise, one that needs to secure more than just the technology that is on-premises. Today, comprehensive cybersecurity risk management requires a collective understanding of the risks and issues inherent in hybrid and stand-alone virtualized IT, physical operational technology (OT), and cloud service offerings.