
1:00 PM

Rapid Risk Assessment Techniques

Speaker: Andrew Plato

Room: E146

Risk assessments are an integral part of any information security program. However, for many organizations, conducting an enterprise-wide information security risk assessment is a massive endeavor. Some organizations spend 12-18 months to complete a risk assessment that results in thousands of pages of arcane, impenetrable documentation.

Rapid Risk Assessment is not a new methodology. Rather, it’s a new, aggressive approach to existing methodologies, such as NIST 800-30. It is aimed at making risk assessment more efficient and effective. The keys to this approach are to strip away unnecessary formalities, require hands-on IT skills, and simplify language to provide a more business-centric view of risk. Rapid Risk Assessment can reduce the time to complete an assessment from months to weeks. Moreover, it retains the accuracy and diligence of more traditional methods.


Topics Covered

-The challenge of current risk assessment techniques
-The importance of actionable results
-Techniques for conducting rapid risk assessments
-Documentation practices of rapid risk assessors

Intended Audience

-IT auditors & risk managers
-Information security officers (ISO)
-Business executives & managers
-Regulatory compliance staff

Takeaways

Attendees will learn the following from this presentation:

-Why current risk analysis methods are flawed
-The basics of conducting rapid risk assessments
-A strategy for documenting risks in a clear, concise and actionable manner

Note: this session is part of the NW ISSA Security Summit, which requires separate payment and registration. See our registration page for details.