Cathy Hubbs
Chief Information Security Officer,
American University
Don't Be a Scapegoat
Tuesday, April 19, 2016 | 5:00PM–5:30PM
Session Type:
Professional Development
Want to avoid taking the fall for a major incident? There are many examples of security professionals who have lost their jobs when a breach occurs, once it was determined that the root cause had been known in advance. Come to this session to hear about American University's practices of using a risk register and governance group to shine the light on those pesky, lingering risks, and, more importantly, to get executive sign-off on risks that must be accepted or deferred. You'll take away a foundational understanding of the requirements for setting up a basic IT risk register program.
OUTCOMES: Learn about one model/approach to tracking risks * Engage in a discussion of the benefits of recording and getting sign-off on lingering risks * Understand how this approach served as a building block for an ERM
