A Risk-based Approach to Cybersecurity: a masterclass on what to do and how to do it

Date: Thursday, June 25, 2020
Time: 2pm-4pm BST
Location: Online webinar


Deploying a risk-based approach to cybersecurity can seem a daunting task, whether you are building a programme from scratch, or rebuilding and reshaping what currently exists. Today, there is plenty of regulation (and positioning by Audit, CISO, ERM, etc.) around taking a risk-based approach, but little actionable guidance on conducting reliable, consistent risk assessment across the business.

Without knowing what ‘good’ looks like, organisations cannot reap the benefits of a risk-based approach – becoming more proactive rather than reactive; having a comprehensive view of risk to better direct budget; being able to fill gaps in cybersecurity programmes to become more robust – and generally saving time, money and the headache of a data breach.

In this 2-hour masterclass, Nick Frost, Co-Founder & Director at CRMG, will provide clarity about what a leading cyber risk management capability looks like, and a step-by-step approach to help you apply it to your business. Nick will also be joined by Martin Tully, Principal Consultant at CRMG, who will provide a case study based on his experience to demonstrate best practices and lessons learnt.

The masterclass will cover the following key areas:

– the foundations that are needed before you start assessing risk
– what an assessment process MUST cover
– samples of reporting risk to a range of audiences (IT, management, procurement and legal)
– a process for evolving and maturing your cyber risk capability.

We will also touch upon topics such as quantitative approaches to risk, as well as how cyber risk reporting can influence senior management decisions around capital adequacy.

About the speakers

Nick Frost
Co-Founder & Director, CRMG
Industry: Professional Services
Expertise: Information Risk

Martin Tully
Principal Consultant, CRMG
Industry: Information
Expertise: Cybersecurity Assurance


The webinar is supported by the following:

The Chartered Institute of Information Security (CIISec) is the only pure play information security institution to have been granted Royal Charter status and is dedicated to raising the standard of professionalism in information security.

Galvanize builds security, risk management, compliance, and audit software to drive change in some of the world’s largest organisations.

For more information or to register your place, please contact info@crmg-consult.com.