Drafting Compliance Episode 1

“Out of all the CISO’s and security leaders I’ve spoken with over the last three months, the main theme of 2023 is going to be ‘the year of risk,’ and a lot of that risk we’re talking about at this level is regulatory,” said Kayne McGladrey, Field CISO at Hyperproof.

In response to the ever-changing risk environment, company leadership is asking more and more questions about how to best manage risk. But being able to answer those questions means having a system and process in place to accurately document, manage, mitigate, and report on those risks.

Luckily, some frameworks and processes already exist to help guide you through that process. Kayne McGladrey, Field CISO, will walk you through the current state of risk and how to effectively and accurately communicate risk to your leadership team.

In this presentation, you’ll learn:

● What the 2023 risk landscape looks like

● How risk managers are planning on updating their risk workflows to adapt

● How to communicate risk to leadership

December 6th at 10:45 AM in Atlanta, GA

Kayne and Tom talk about personnel security, background checks, what FedRAMP requires for onboarding and terminating employees as well as a host of tips and tricks for meeting this control family. Of course, they try a new beer and maybe, just maybe, agree on the score.

“If the end user logs on from Seattle, where their mobile phone and laptop is, a connection from New York would be unusual,” McGladrey explained. “It is also possible to note the typing style and speed of a user and use that biometric signature to determine if the user is legitimate. These data [points] make it more difficult for a threat actor to operate silently in the environment.”

“Your incident response plan will be examined during discovery, period, point blank. Keep that in mind. It’s your policy and your plan that are going to be examined by our discovery, and make sure that you can actually do what that policy says and make sure you can do what the procedures say.”