BEGIN:VCALENDAR VERSION:2.0 PRODID:-//GRC 20/20 Research, LLC - ECPv6.15.20//NONSGML v1.0//EN CALSCALE:GREGORIAN METHOD:PUBLISH X-ORIGINAL-URL:https://www.grc2020.com X-WR-CALDESC:Events for GRC 20/20 Research, LLC REFRESH-INTERVAL;VALUE=DURATION:PT1H X-Robots-Tag:noindex X-PUBLISHED-TTL:PT1H BEGIN:VTIMEZONE TZID:Europe/London BEGIN:DAYLIGHT TZOFFSETFROM:+0000 TZOFFSETTO:+0100 TZNAME:BST DTSTART:20230326T010000 END:DAYLIGHT BEGIN:STANDARD TZOFFSETFROM:+0100 TZOFFSETTO:+0000 TZNAME:GMT DTSTART:20231029T010000 END:STANDARD BEGIN:DAYLIGHT TZOFFSETFROM:+0000 TZOFFSETTO:+0100 TZNAME:BST DTSTART:20240331T010000 END:DAYLIGHT BEGIN:STANDARD TZOFFSETFROM:+0100 TZOFFSETTO:+0000 TZNAME:GMT DTSTART:20241027T010000 END:STANDARD BEGIN:DAYLIGHT TZOFFSETFROM:+0000 TZOFFSETTO:+0100 TZNAME:BST DTSTART:20250330T010000 END:DAYLIGHT BEGIN:STANDARD TZOFFSETFROM:+0100 TZOFFSETTO:+0000 TZNAME:GMT DTSTART:20251026T010000 END:STANDARD END:VTIMEZONE BEGIN:VEVENT DTSTART;TZID=Europe/London:20240808T100000 DTEND;TZID=Europe/London:20240808T160000 DTSTAMP:20260504T101810 CREATED:20240703T144311Z LAST-MODIFIED:20240703T144313Z UID:10002596-1723111200-1723132800@www.grc2020.com SUMMARY:IT/Cyber Risk & Resilience Management by Design\, NEW YORK DESCRIPTION:REGISTER\n\n\n\n\nOrganizations are complex: from technological advancements to regulatory changes and global expansions\, ensuring robust information security is a daunting task for any GRC professional. \n\n\n\nIn this workshop with renowned GRC pundit Michael Rasmussen\, you’ll get the blueprint you need to achieve an effective IT risk management strategy in a dynamic business and risk environment. You’ll learn strategies and techniques to apply to your whole organization and as part of your broader GRC strategy. \n\n\n\nHere’s what you can expect to gain:\n\n\n\n\nA comprehensive understanding of IT GRC within the broader context of business performance and strategy.\n\n\n\nKnowledge of how to integrate IT GRC management processes seamlessly into your organization’s operations.\n\n\n\nThe ability to define an information architecture that provides 360° situational awareness of IT GRC in alignment with business objectives.\n\n\n\nA deep dive into the technology components necessary to streamline risk and compliance management across your organization.\n\n\n\n\nWho should come along?\n\n\n\n\nIT GRC managers and officers\n\n\n\nBusiness managers who want to up their game in IT GRC\n\n\n\nExecutives and governance personnel overseeing IT GRC\n\n\n\nAudit personnel providing assurance on IT security and GRC\n\n\n\n\nWorkshop Abstract:\n\n\n\nOrganizations are complex. Exponential growth and change in technology\, vulnerabilities\, regulations\, globalization\, distributed operations\, changing processes\, competitive velocity\, business relationships\, legacy technology\, and business data expose organizations of all sizes. Keeping this complexity and change in sync is a significant challenge for information security professionals. Executives constantly react to risk appearing around them and fail to actively manage and understand the interrelationship of risk across the organization\, particularly information security risk\, as it permeates business operations\, processes\, transactions\, and relationships in the digital world. Risk Management maturity increases as the ability to connect\, understand\, analyze\, and monitor interrelationships and underlying patterns of performance\, risk\, and compliance across the business grows. \n\n\n\nOrganizations require complete situational and holistic awareness of information risk management across operations\, processes\, relationships\, systems\, transactions\, and data to see the big picture of risk and its impact on performance and strategy. Risk management fails when risk issues are addressed as a system of parts that do not integrate and work as a collective whole. Information security cannot be managed in isolation. Decentralized\, disconnected\, and distributed processes of the past catch the organization off guard to information risk and expose the organization. The interconnectedness of information and technology underpinning all aspects of an organization’s operations requires the Chief Information Security Officer (CISO) to be a foundational and integrated approach to risk management across the organization. Understanding and managing risk in today’s environment requires a new paradigm in managing the interconnections and relationships of risk\, particularly information risk. CISOs need to stay on top of their game by monitoring information security risk to their organization both internally (e.g.\, operations\, processes\, systems\, data) and externally (e.g.\, threat\, competitive\, legal\, geographic environments) to stay competitive in today’s economy. \n\n\n\nOrganizations must understand information security risk and make risk-informed business decisions to manage effectively manage risk across the enterprise. This workshop provides a blueprint for attendees on effective IT risk management strategies in a dynamic business and risk environment. Attendees will learn IT risk management strategies and techniques that can be applied across the organization and as part of broader GRC strategies. Learning is done through lectures\, collaboration with peers\, and workshop tasks. \n\n\n\nObjectives of the workshop:\n\n\n\nAttendees will take back to their organization’s approaches to address: \n\n\n\n\nIT Risk Management Strategy. Understand IT risk in the context of business performance\, strategy\, objectives\, culture\, and values.\n\n\n\nIT Risk Management Processes. The IT risk management processes integrated into the organization and its operations flow from the strategy. Good IT risk management is done in the rhythm of the business.\n\n\n\nIT Risk Management Information Architecture. Defining an information architecture that enables IT risk management strategy and processes by providing 360° situational awareness of IT risk in the context of business strategy and operations\n\n\n\nIT Risk Management Technology Architecture. The necessary technology components are needed to integrate diverse and distributed risk and compliance management roles and IT risk management into the organization’s operations.\n\n\n\n\nBenefits to attendees:\n\n\n\n\nHolistic awareness of risk. There is defined risk taxonomy across the enterprise that structures and catalogs risk in the context of the organization and assigns accountability. A consistent process identifies risk and keeps the taxonomy current. Various risk frameworks are harmonized into an enterprise risk framework.\n\n\n\nRisk-intelligent decision-making. The organization has what it needs to make risk-intelligent business decisions. Risk strategy is integrated with organization strategy; it is an integral part of business responsibilities. Risk assessment is done in the context of business change and strategic planning\, and structured to complement the business lifecycle to help executives make effective decisions.\n\n\n\nAccountability of risk. Accountability and risk ownership are established features of risk management. Every risk\, at the enterprise and business-process level\, has clearly established owners. Risk is communicated to stakeholders\, and the organization’s track record should illustrate successful risk tolerance and management.\n\n\n\nMultidimensional risk analysis and planning. The organization has a range of risk analytics\, correlation and scenario analysis. Various qualitative and quantitative risk analysis techniques are in place and the organization has an understanding of historical loss to feed into analysis. Risk treatment plans — whether acceptance\, avoidance\, mitigation or transfer — are working and monitored for progress.\n\n\n\nVisibility of risk as it relates to performance and strategy. The enterprise views and categorizes risk in the context of organization objectives\, performance and strategy. KRIs are implemented and mapped to key performance indicators (KPIs). Risk indicators are assigned established thresholds and trigger reporting that is relevant to the business and effectively communicated. Risk information adheres to information quality\, integrity\, relevance and timeliness.\n\n\n\n\nWho should attend?\n\n\n\n\nIT risk managers and officers responsible for leading and managing IT risk and information security\n\n\n\nBusiness managers whose job responsibilities include IT risk responsibilities\n\n\n\nExecutives and governance personnel who have to oversea and govern IT risk\n\n\n\nAudit personnel that provide assurance on IT security and GRC\n\n\n\n\nTypical Agenda:\n\n\n\nPart 1: What is IT Risk Management?\n\n\n\nUNDERSTANDING IT RISK IN THE CONTEXT OF THE ORGANIZATION\n\n\n\n\nDifferent views of IT risk and information security throughout the organization\n\n\n\nWho owns IT risk?\n\n\n\nUnderstanding IT risk and its role in assurance to business strategy\, objectives\, performances\, and operations\n\n\n\nWorkshop Project & Discussion\n\n\n\n\nPart 2: IT Risk Management\n\n\n\nBLUEPRINT FOR IT RISK MANAGEMENT COLLABORATION AND STRATEGY\n\n\n\n\nDeveloping an IT risk committee (or herding cats)\, bringing together the range of GRC roles with a stake in IT risk across the organization\n\n\n\nDefining an IT risk management charter\n\n\n\nDeveloping a collaborative and enterprise view of IT risk and how it relates to performance\, risk\, and compliance\n\n\n\nWorkshop Project & Discussion\n\n\n\n\nPart 3: IT Risk Management Process Lifecycle\n\n\n\nINTEGRATED PROCESSES TO IDENTIFY\, ANALYZE\, MANAGE\, AND PROVIDE ASSURANCE ON IT RISK\n\n\n\n\nIdentification – Collaborative process to identify IT risks and controls from both the bottom and the top\n\n\n\nAnalysis – Defining effective and operational controls to provide assurance while mitigating risk\n\n\n\nManagement – Strategies to manage IT risk and controls in context of performance\, risk\, and compliance\n\n\n\nCommunication – Assign and manage IT risk ownership and accountability\n\n\n\nWorkshop Project & Discussion\n\n\n\n\nPart 4: IT Risk Management Information & Technology Architecture\n\n\n\nPROVIDING AN INTEGRATED VIEW OF IT RISK TO THE ENTERPRISE\n\n\n\n\nDeveloping an IT risk taxonomy and attributes of risks and controls\n\n\n\nMapping IT risk to objectives\, risk\, policy\, and compliance\n\n\n\nMonitoring IT risk in a changing environment\n\n\n\nTechnology capabilities and considerations to support IT risk management\n\n\n\nWorkshop Project & Discussion\n\n\n\n\nGRC 20/20 Analyst will be facilitating this workshop . . .\n\n\n\n\n\n\n\nMichael Rasmussen is an internationally recognized pundit on governance\, risk management\, and compliance (GRC) – with specific expertise on enterprise GRC strategy and processes supported by robust information and technology architectures.  With 30+ years of experience\, Michael helps organizations improve GRC strategy and processes supported by the correct GRC technology architecture. This enables organizations to align GRC with the business and deliver effective\, efficient\, resilient\, and agile capabilities to the organization.  He is a sought-after keynote speaker\, author\, and advisor and is noted as the “Father of GRC” — the first to define and model the GRC market in February 2002 while at Forrester. \n\n\n\nAbout Event Host . . .\n\n\n\n\n\n\n\nSureCloud is a leading provider of cloud based\, Integrated GRC (Governance\, Risk & Compliance) products and Cybersecurity services\, which reinvent the way you manage risk. SureCloud\, and our Aurora platform\, enable organizations to make better decisions and achieve their desired business outcomes. SureCloud is underpinned by Aurora\, a highly configurable no-code platform\, which is simple\, intuitive\, and flexible. Unlike other GRC Platform providers who force organizations to adapt their processes\, our solutions are highly configurable. Aurora can be easily customized to fit a wide range of operating models\, meaning that our clients get immediate and sustained value from the outset. \nShare this:\n Email a link to a friend (Opens in new window)\n Email\n \n Print (Opens in new window)\n Print\n \n Share on LinkedIn (Opens in new window)\n LinkedIn\n \n Share on X (Opens in new window)\n X\n \n Share on Facebook (Opens in new window)\n Facebook URL:https://www.grc2020.com/event/it-cyber-risk-resilience-management-by-design-new-york/ CATEGORIES:20/20 Workshops ATTACH;FMTTYPE=image/jpeg:https://www.grc2020.com/wp-content/uploads/2024/07/1719930165345.jpeg END:VEVENT END:VCALENDAR