This session will focus on the elements of an effective information security risk management program: how to select a framework for assessing risk and tailor it to your organization's culture; the difference between inherent and residual risk and why reporting on both is critical; common mistakes information security personnel make while trying to get a new risk management program off the ground; how to set expectations with leadership; and how to partner with governance, compliance, and legal teams in your organization to garner true top-down support.