Enterprise-wide Information Security Risk Assessment 101

Risk assessments are an essential element of overall risk management along with providing the basis for many of your policies, plans, and programs like your information security program, audit program, and business continuity plan. The basis for the risk assessment mandated by GLBA in 2000 was initially thought to be oriented to IT, thus the requirement for an IT Risk Assessment after all it is the IT examiners that are evaluating it. However, today the focus has shifted to an enterprise-wide information security risk assessment that encompasses the entire organization where IT is a key component. Even today, the content of this risk assessment continues to cause some confusion and the fact that the regulators do not prescribe to any specific format, only content, many organizations are finding their assessment being criticized during their exams and audits; and then add the requirement for a cyber security risk assessment to the mix! How can anyone keep it all straight?

Performing risk assessments is a prominent requirement with just about everything you do today. A properly structured enterprise-wide information security risk assessment will not only help you focus your resources and budget dollars where they are needed, but provide the basis for your information security program and IT audit program. The right approach will also get you off to a running start on your all those other risk assessments you need to complete. This presentation will provide an approach for developing an enterprise-wide information security risk assessment and a framework that can be adapted to the other numerous risk assessments now required.

What You Will Learn
What is meant by enterprise-wide?
Where do I start?
Can I outsource the risk assessment?
Is there an approved format or template?
Understanding the difference between IT and enterprise-wide risk assessments
Simplifying the approach
Developing a matrix

Who Should Attend?
Anyone responsible for developing a risk assessment or leading a risk assessment team.

Susan Orr is a leading financial services expert with vast regulatory, risk management, and security best practice knowledge and expertise.

As an auditor and consultant, Susan is dedicated to assisting financial institutions in implementing appropriate policies and controls to protect confidential information and comply with regulatory mandates and best practices. Her expertise as an auditor and former examiner provides her the knowledge and expertise to conduct comprehensive IT general control and data security reviews and assist banks in developing and updating policies and procedures and risk assessments, performing third party risk management, and facilitating testing and training. Susan is a Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC).

You may contact Susan by phone or email: 630.248.7788 or susan@susanorrconsulting.com

Registration Options

Live Plus Five (days) – $265
OnDemand Recording – $295
CD-ROM – $345
Live Plus Six (months) – $365
Premier Package – $395


Nov 23 2021


1:30 pm - 3:30 pm



More Info