Business Ethics and the CISO – Troy Stairwalt – CSP #111
As risk practitioners, CISOs make risk-versus-reward decisions on a daily, and sometimes hour-by-hour, basis. As a profession, we must understand our organizations' risk tolerance and appetite as well as our own. Regulations are lagging indicators; SOX was established as a direct response to unethical behavior.
Unfortunately, regulations in cybersecurity and data privacy are also "lagging indicators": organizations "left to their own devices" have failed to allocate sufficient, reasonable, cost-effective resources to mitigate significant risk in prudent ways that would place the organization in a position to demonstrate both due diligence and due care in a worst-case scenario.
CISOs must:
1. Understand your organization's risk tolerance and appetite.
2. Know your own risk tolerance and appetite, as well as your personal code of conduct and ethics.
3. Build and maintain your "rainy day", emergency or, as my more colorful colleagues refer to them, FU funds.
4. Find your calm, peace and happiness. These days, mine is yoga and meditation. What is yours?
5. To avoid stressful days and sleepless nights, maintain our integrity and sense of humor!
Guest
Former CISO Akron Children’s Hospital
Former CISO Westfield Insurance
With more than 20 years of information security experience, Troy Stairwalt's expertise includes cybersecurity strategy, program management, information security analysis and engineering, IT risk assessment, data privacy, cybersecurity architecture and cyber forensic investigations. Looking for ways to empower others and give back by sharing his knowledge, Troy spent several years volunteering with a group of internationally recognized experts to write, review and revise both the Certified Information Security Manager (CISM) and Certified in Risk and Information Systems Control (CRISC) certification exam questions, answers and plausible distractors, helping the next generation of experts remain current with industry best practices. Because these exams are administered internationally, the questions and answers had to remain independent of any particular technology, culture or regulatory regime. In addition, Troy was asked to provide mentorship for the SANS 504 course, Hacking Techniques, Exploits and Incident Handling. Troy currently teaches cybersecurity and information systems auditing at the University of Akron.
Graduating summa cum laude, Troy obtained his master’s degree in Business Administration (MBA) from Ashland University.
Troy’s professional credentials include:
• Certified Information Security Manager (CISM)
• Certified Information Systems Security Professional (CISSP)
• Certified in Risk and Information Systems Control (CRISC)
• Insider Threat Program Manager (ITPM)
• Certified Information Systems Auditor (CISA)
• Certified Cloud Security Professional (CCSP)
• GIAC Certified Incident Handler (GCIH)
• Certified Data Privacy Solutions Engineer (CDPSE)
Host
Todd Fitzgerald has built information security programs for Fortune 500 and other large companies for 20 years. Todd serves as VP, Cybersecurity Strategy and Chairman of the Cybersecurity Collaborative Executive Committee; was named 2016–17 Chicago CISO of the Year; was ranked a Top 50 Information Security Executive; and has authored four books, including the #1 best-selling and 2020 CANON Hall of Fame winner CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers (2019) and the ground-breaking CISO Leadership: Essential Principles for Success, as well as contributing to a dozen others. Todd has held senior leadership positions at Northern Trust, Grant Thornton International, Ltd, ManpowerGroup, WellPoint (Anthem) Blue Cross Blue Shield/National Government Services, Zeneca/Syngenta, IMS Health and American Airlines.