Don't Be a Scapegoat

Tuesday, April 19 | 5:00PM–5:30PM
Session Type: Professional Development
Want to avoid taking the fall for a major incident? There are many examples of security professionals who have lost their jobs when a breach occurs, once it was determined that the root cause had been known in advance. Come to this session to hear about American University's practices of using a risk register and governance group to shine the light on those pesky, lingering risks, and, more importantly, to get executive sign-off on risks that must be accepted or deferred. You'll take away a foundational understanding of the requirements for setting up a basic IT risk register program.

OUTCOMES: Learn about one model/approach to tracking risks * Engage in a discussion of the benefits of recording and getting sign-off on lingering risks * Understand how this approach served as a building block for an ERM


  • Cathy Hubbs

    Chief Information Security Officer, American University

Resources & Downloads