July 2021 Webinar 5: Cybersecurity Standards versus Hackers and Government Part II

1. Risk assessment and management methodologies

Why risk is the foundation of all the standards. How risks should be managed. The basics and some recommendations. We will start with a simple way of managing risk and go up to the complexity of quantifying risk and FAIR ideas.

- Likelihood

- Impact

- Risk rating

- Value assignment (FAIR methodology)

- Risk based budgeting

2. Benefits of Implementation

We will discuss how standards should be implemented. Where to start, what tools to use. What is the sequence of actions to make implementation?

- Maturity of the organization

- Budgeting

- Scheduled activities

- Reviews, KPIs, self-audit and attestation.

3. Implementation guidelines

- Starting with data classification

- FISMA CIA factors

- Governance

- KPIs

- Roles and responsibilities

- Incident organization

- Relationship of incidents to risk likelihood

- Controls selection

- Policies and procedures, documentation management

- Artifacts

- SecOps

- Incident management

- Audits and reviews

Explanation of ISMS cycles and reviews. Connection to KPIs.

Michael is the Founder and CEO of Digital Edge. He brings 20 years of experience as an information architect, optimization specialist and operations’ advisor. His experience includes extensive high-profile project expertise, such as mainframe and client server integration for Mellon Bank, extranet systems for Sumitomo Bank, architecture and processing workflow for alternative investment division of US Bank.

Michael is the creator of multiple security and compliance products such as Network Razor, File2Doc and the latest cybersecurity compliance platform CyberRegulator.com.

Educated as a Nuclear Engineer, Michael spent six years creating proprietary programming for monitoring and automation of processes of Nuclear Power Plants. Michael still uses his experience and approach of multiple layers of protection and defense applying them to Information Technology Management and Security. He holds advanced degrees in systems development, and has designed multiple solutions providing high performance and availability.