Security awareness programs are undeniably critical to reducing risk within organizations, but their effectiveness can be difficult to measure without user input. This session will workshop what and how to measure the outcomes and behaviors that demonstrate an understanding of the challenges that users face, rather than using legacy approaches to assess knowledge.
Claude Mandy
Sr Director Analyst
Claude Mandy is a Senior Director Analyst responsible for covering a variety of topics across security, risk management and privacy, focusing primarily on what are the building blocks of successful programs, including strategy, governance, staffing/talent management and organisational design and communication. He brings firsthand experience of building information security, risk management and privacy advisory programs with global scope.
Read More
Read Less
Tuesday, 21 June, 2022 / 10:30 AM - 12:00 PM AEST
Workshop: How to Measure the Success of Your Security Awareness Program Without Asking
Tuesday, 21 June, 2022 / 03:45 PM - 04:15 PM AEST
Data Storytelling: A Better Way to Communicate Cyber Risk With Data
Data storytelling offers a more engaging means of communicating risk than BI reporting or data visualization alone. This trend is an extension of the now dominant self-service model of BI, combining data visualization with narrative techniques. What is a data story? When and how should data storytelling be used when communicating cyber risk? What new skills and techniques are needed to create compelling data stories?
Wednesday, 22 June, 2022 / 10:15 AM - 11:45 AM AEST
Workshop: Expanding the Business Impact Analysis (BIA) to Meet Your Security, Risk and Privacy Needs
Conducting a business impact analysis (BIA) is a critical step to determining the importance of IT systems to an organization and planning based on their importance. Join us to learn how to adopt a more holistic Integrated Risk Management approach to BIAs to meet the needs of security, risk and privacy functions outside of their normal usage in business continuity and disaster recovery planning.
Wednesday, 22 June, 2022 / 02:30 PM - 03:00 PM AEST
You’ve Got Third-Party Risk Management All Wrong — Why CISOs Need to Rethink Their Approach
Third-party risk management is a regulatory requirement in most highly regulated industries and good practice in all industries. Today's approaches are mired in lengthy and complex assessments of the security controls of the third party and do nothing to manage cyber risk to your organization. This session will discuss how alternative approaches may drive greater value for your organization.