Governance, Risk, and Compliance: The CISO perspective
Key objectives of a governance, risk, and compliance program (GRC) are to ensure that the cybersecurity program has appropriate oversight, identifies and addresses cyber risks, and complies with all applicable laws and regulations. GRC functions shape cybersecurity program components and its principal functions to reduce risk and meet all compliance obligations.
During this month of CISO Stories, practitioners will share their experiences and challenges with implementing a GRC framework, including developing appropriate policies and controls, establishing oversight organizations, integrating cybersecurity risk management with Enterprise Risk Management objectives and methodologies, identifying and complying with laws and regulations, and using GRC software tools for managing all aspects of the GRC framework.
Practitioners will also connect the dots on how an effective GRC framework can help to continuously improve identity, application, cloud and network security, anti-ransomware efforts, zero trust, email security, threat intelligence, AI and third-party risk management.
Speakers
Parham Eftekhari is a recognized business executive in the information security sector with a lifelong passion for leadership, and community engagement. His expertise spans critical infrastructure technology and policy, business strategy and operations, executive advising, and thought leadership content initiatives.
Parham has published over a dozen information security reports, regularly engages with the media, and has contributed to countless briefings and events at institutions including TEDx, Congress, the World Bank, RSA, IFA+, (ISC)2, C-SPAN, and the Institute for Critical Infrastructure Technology (ICIT).
Dr. Dustin Sachs is the Chief Technologist and Sr. Director of Programs at CyberRisk Alliance. He is a highly accomplished cybersecurity professional with a proven track record in risk management, compliance, incident response, and threat mitigation. He is CISSP-certified and holds a Doctor of Computer Science (DCS) degree in Cybersecurity and Information Assurance. Dr. Sachs has worked in various industries, including public utilities, food distribution, and oil and gas. He is a respected thought leader in the cybersecurity community.