Webinar: Moving from CIS RAM to Risk Management
DATE: December 9th, 12PM – 1PM CST
WHERE: Virtual

CIS RAM has made cybersecurity risk assessments simple, whether you’re a small organization or a large enterprise.
Join panelists from Rockwell Automation, Reasonable Risk, and the Center for Internet Security who will discuss how technical and non-technical decision-making each need different kinds of information. Also, get practical advice on demonstrating the effectiveness of your program and converting your risk register into the information that your non-technical executives need.
In this webinar, you’ll learn:
- How the information in your CIS RAM risk register can be converted into dashboards and roadmaps that are meaningful to non-technical executives.
- How to hold conversations and collaborate on decisions.
- How to demonstrate to interested parties that your program is effective.

Chris Cronin
Partner, HALOCK Security Labs
Chris Cronin is a Partner at HALOCK Security Labs, a US-based risk management and cybersecurity consulting firm. Chris and his team help organizations manage their information security risks, and they work with U.S. regulators and attorneys as expert witnesses in data breach cases. Fluent in technology, regulations, management, audit, and the law, Chris’ expertise is wide-ranging and helps organizations understand how well-designed information and cyber security programs align to business interests and legal expectations.
Chris developed Duty of Care Risk Analysis (DoCRA) and CIS RAM to help management, cybersecurity experts, and attorneys work toward a common goal of “reasonable” security. U.S.-based regulators have been using DoCRA as a test for reasonable security when it is applied to ISO 27001, the NIST Risk Management Framework, CIS Controls, PCI DSS, or other frameworks to secure important information assets.

Phyllis Lee
Vice President of Security Best Practices Content Development, CIS
Phyllis has over 25 years of experience in information assurance and has performed vulnerability assessments, conducted virtualization research, and worked in security automation. Prior to joining CIS, Lee worked at the National Security Agency (NSA) focusing on the intersection between malware and virtualization, which included collaboration with MIT Lincoln Labs. Lee also participated in a variety of security automation standardization efforts and led the security automation strategy for the NSA Information Assurance Directorate (IAD). She graduated from Johns Hopkins University with a Master of Science in computer science.

Bob Pingel
Cybersecurity Strategist, Rockwell Automation
Bob Pingel is a long-time cybersecurity risk professional. He has held multiple security roles at Rockwell Automation in both Enterprise and Product security. He currently serves as a Product Security Strategist, ensuring Rockwell Automation’s offerings are commercially compelling and compliant from a security perspective. One of his focus areas is the EU Cyber Resilience Act (CRA), the groundbreaking market-access regulation demanding risk-based cybersecurity functionality and vulnerability management. He is part of the European Standards process, serving on CENELEC Joint Technical Committee 13 / Working Group 9, defining the horizontal standards for the CRA.
