Senior Manager Cyber Security Services at MNP
Jason Murray has almost 20 years’ experience in IT security. Jason brings extensive technical knowledge of computing and networking systems in a wide range of scales from single desktops to corporate environments. Jason has a deep understanding of information security, networking, and related information technologies allowing him to quickly and knowledgeably inspect system architectures, identify vulnerabilities, assess risks and recommend safeguards to reduce and mitigate risk to information assets. His understanding of security and privacy policies, processes, procedures, and other controls allows him to assess and make recommendations on the non-technical aspects of information security within an organization.
Subject: ground truthing risk: where is it actually at?
MNP has been conducting risk assessments using the same method across many industries and for companies large and small. What do they say about the preparedness of the typical company? Where is the risk actually? Not what you hear on the news, but based on industry sources and the actual ground truth. What threats are big gaping holes in our security posture? What should we do about it? Don’t listen to the vendors, let the data speak.
Benefit: Rather than making a “finger in the wind” appraisal of what risks they are facing, and what controls to deploy, my talk will allow attendees to get a peek at what is actually happening out there. They’ll learn what the actual risks are based on reported incidents and actual controls in place. They’ll learn, based on objective analysis, what controls to investigate, rather than the vendor du jour.
“Cybersecurity risks: Qualitative vs. Quantitative approaches.
Can we actually measure risk? Is “high/medium/low” good enough?