On-Demand: A Risk-based Approach to Cyber Security: a masterclass on what to do and how to do it

Deploying a risk-based approach to cyber security can seem a daunting task, whether you are building a programme from scratch, or rebuilding and reshaping what currently exists. Today, there is plenty of regulation (and positioning by Audit, CISO, ERM, etc.) around taking a risk-based approach, but little actionable guidance on conducting reliable, consistent risk assessment across the business.

Without knowing what ‘good’ looks like, organisations cannot reap the benefits of a risk-based approach – becoming more proactive rather than reactive; having a comprehensive view of risk to better direct budget; being able to fill gaps in cyber security programmes to become more robust – and generally saving time, money and the headache of a data breach.

In this 2-hour masterclass, Nick Frost, Co-Founder & Director at CRMG, provides clarity about what a leading cyber risk management capability looks like, and a step-by-step approach to help you apply it to your business. Nick is joined by Martin Tully, Principal Consultant at CRMG, who provides a case study based on his experience to demonstrate best practices and lessons learnt.

Watch the full masterclass on-demand.


The masterclass covers the following key areas:

– the foundations that are needed before you start assessing risk
– what an assessment process MUST cover
– samples of reporting risk to a range of audiences (IT, Management, procurement and legal)
– a process for evolving and maturing your cyber risk capability.

The masterclass also touches upon topics such as quantitative approaches to risk, as well as how cyber risk reporting can influence senior management decisions around capital adequacy.


About the speakers

Nick Frost
Co-Founder & Director, CRMG
Industry: Professional Services
Expertise: Information Risk

Martin Tully
Principal Consultant, CRMG
Industry: Information
Expertise: Cyber Security Assurance


The webinar is supported by the following:

The Chartered Institute of Information Security (CIISec) is the only pure-play information security institution to have been granted Royal Charter status and is dedicated to raising the standard of professionalism in information security.

Galvanize builds security, risk management, compliance, and audit software to drive change in some of the world’s largest organisations.

For more information please contact info@crmg-consult.com.