How do you get management to buy-into the importance of becoming a cybersecurity framework driven operation? Those of us who have used frameworks, such as NIST CSF or NIST 800-53, ISO, CMMC or others, know the value of the framework, but management might just see a huge level of cost and effort, and for what outcome when your done with the assessment? Management often needs help getting there. How do we influence and persuade management in our day jobs, and as consultants, and advise them on which framework is best for them, on how to crawl-walk-run in becoming “structured for success”? In this talk we’ll discuss primary motivators behind why management will adopt a cybersecurity framework, and “what works” on crossing over into the land of embracing them. An advisory mindset of various framework approaches, strengths, and weaknesses will also be introduced, to identify where to start and which one is best for your organization based upon your specific needs. Lastly, how do you ensure no buyer’s remorse when you do perform the assessment to ensure management is involved through the entire lifecycle of the assessment, driving and seeing value for their necessary outcomes.
SPEAKERS:
Ken Dunham has over 30 years' experience on the front lines of Cybersecurity. He is an active member of ISACA and is CISM certified. He recently ran five global consulting practices while at WWT including that of cybersecurity frameworks for non-certified readiness maturity uplifts. He is also experienced with the newer CMMC US DoD framework, which includes evaluation of process for each domain. Much of Mr. Dunham’s work has been focused in transforming F100 organizations but also supports commercial and SLED of all sizes. More recently Mr. Dunham performed SaaS framework driven security reviews while at MMC. Mr. Dunham currently offers consultation through his organization 4D5A Security and is looking for his next full time cyber leadership role while consulting. Current notable consulting projects include building a strategic plan for the State of Idaho for a Cyber Fusion center and authoring of the book Cyber CISO Marksmanship, due out through Taylor and Francis next summer.