Cyber risk has become the #1 risk for most business leaders and policy makers around the world. To be effective, information risk managers can no longer operate solely as technical cyber security practitioners. They must partner with business risk managers and articulate information risk in terms that business leaders and boards of directors understand. This session will explore this evolution and the typical journey organizations are taking to bring information risk management under the broader umbrella of business risk management.
Learning Objectives: Attendees will learn
- High-level history of risk management and the emergence of information risk management practices
- Stages of maturity of information security risk management in relation to business risk management
- Indications of the future of information risk assessment, the ramifications for information security risk managers, and benefits to organizations.
About the Speaker:
Marshall Toburen is a risk management strategist with RSA Archer, providing strategic input to the development of risk-related solutions and advising customers on best practices relating to Enterprise, Operational, and Third Party Risk Management. Prior to joining RSA, Marshall served as SVP/Director of Enterprise Risk Management for a diversified financial services company based out of Kansas City, MO. In that capacity, Marshall was responsible for the company’s enterprise risk management activities, including its ERM practices and supporting technology solutions, information security, insurance risk transfer, loss management, third party risk management, Sarbanes-Oxley controls management and 302 certification process, and issues management. Marshall has previously held positions in the financial services industry, including as Operational Risk Manager, Chief Audit Executive, IT Audit Director, and Assistant Controller. Marshall holds an M.A. in Economics from the University of Missouri, B.A.s in Economics & Political Science from Baker University, and has received certifications as a Certified Internal Auditor (CIA), Certified Information Systems Auditor (CISA), and Chartered Bank Auditor (CBA) (non-practicing).
Who should attend
IT Leaders (CIOs/CTOs/CSOs/CISOs), IT practitioners (Directors and Managers), IT Audit and Security professionals, Internal and External Auditors.
Field of Study
IT Audit & Security
Instructional delivery method
11:00 a.m. - 11:45 a.m. Registration, Lunch & Networking
11:45 a.m. - 12:00 p.m. ISACA Chapter Announcements
12:00 p.m. - 1:45 p.m. Presentation
1:45 p.m. - 2:00 p.m. Door prizes