Changing the Mindset: Creating a Risk-Conscious Culture!

Henry Dalziel | Hacker Hotshots, Latest InfoSec News | July 28, 2013

July 30th, 1200 EST, John Pironti will be presenting: “Changing the Mindset: Creating a Risk-Conscious Culture”

A brief word about John Pironti
We are delighted to have John Pironti present on Hacker Hotshots, not least because he brings such a diverse range of skills and experience, spanning two decades. He has designed and implemented enterprise-wide IT business solutions, information security and risk management strategies and programs, as well as resiliency capabilities and threat and vulnerability management solutions, for many customers across a range of industries.

Mr. Pironti has achieved a plethora of InfoSec certifications, including Certified Information Systems Auditor (CISA), Certified in the Governance of Enterprise IT (CGEIT), Certified Information Security Manager (CISM), Certified in Risk and Information System Control (CRISC), Certified Information Systems Security Professional (CISSP), Information Systems Security Architecture Professional (ISSAP) and Information Systems Security Management Professional (ISSMP).

With such experience it is hardly surprising that he is frequently asked to act as a trusted adviser to senior leaders of numerous organizations on information security, risk management and compliance topics, and that he is also a member of a number of technical advisory boards for technology and services firms. He is also an accomplished author and writer who is regularly quoted and interviewed by the media.

A brief word about IP Architects
IP Architects provide innovative solutions for Information Risk Management and Security, IT strategy and management, governance, enterprise risk management and compliance. Essentially, IP Architects operate within the Information Risk Management and Security (IRMS) space which, needless to say, is a vital component of any serious business. IRMS is a rapidly evolving concept within many of today’s organizations, especially those that have been victims, or have seen competitors suffer the consequences, of poor risk management policies.

Information Risk Management and Security (IRMS)
Understanding the principles of risk management is a great place to start before appreciating the impact a solid IRMS policy can have on an organization. The International Organization for Standardization (ISO), the world’s largest developer of voluntary International Standards, identifies the following principles that risk management should embody:

  • Create value – resources expended to mitigate risk should be less than the consequence of inaction, or (as in value engineering), the gain should exceed the pain
  • Be an integral part of organizational processes
  • Be part of decision making process
  • Explicitly address uncertainty and assumptions
  • Be systematic and structured
  • Be based on the best available information
  • Be tailorable
  • Take human factors into account
  • Be transparent and inclusive
  • Be dynamic, iterative and responsive to change
  • Be capable of continual improvement and enhancement
  • Be continually or periodically re-assessed

The presentation: July 30th, 1200 EST “Changing the Mindset: Creating a Risk-Conscious Culture”
As always with Hacker Hotshots, we like to let our community know what each speaker will be discussing; here are John’s learning outcomes:

You’ll learn the following!

  • Key considerations when creating a risk aware and security conscious culture
  • How to use risk management as a concept and tool to remove the fear of security in organizations
  • The value and benefits of developing an information risk profile
  • Understanding the current behaviors of organizations in regard to information security, and why they exist
  • Effective approaches to change behaviors and culture within organizations
  • How to leverage users effectively as a beneficial asset in supporting risk management and security activities
  • How to use threat and vulnerability analysis to identify the highly probable, business-impacting threats that can affect organizations, and to educate them about those threats
  • Using control objectives as an approach to effectively manage information risk in a way that will be embraced by organizations.

In Summary
We are delighted to have John on the show because he brings a new and important subject to our audience. Our understanding is that creating a risk-conscious and security-aware culture within an organization is absolutely vital; after all, we are only as strong as our least security-conscious (human) employee! Investment in information security training and education is key, something which we fully appreciate here at Concise Courses.

What level of information risk management does your organization hold? Indeed, is this even a subject discussed? We’d love your thoughts and feedback, and please remember, if you miss the event, a replay will be available to watch afterwards.