BSIDESOK 2017 Greg Guhin - Security Risk Management: Risk Assessment and Beyond

My presentation will concentrate on using the results of Information Security Risk management activities to drive strategic and tactical outcomes. The material will include the use of components of the Octave Allegro Information Risk Assessment methodology to perform threat scenario modeling, with the results driving investments in information security tools and capabilities. There will be general discussions on how risk assessments are used in different organizational gates that introduce risk, including Vendor Management, Project and Data Protection.