AT&T will discuss the evolution from a maturity-based cyber risk approach where you “monitor everything”. This requires numerous applications to be monitored across the organization which inevitably outstrips the capacity of analysts to monitor them- death by tools/alerts.    A risk-based approach does two critical things at once. First, it designates risk reduction as the primary goal. This enables the organization to prioritize investment, including in implementation-related problem solving, based squarely on a cyber program’s effectiveness in reducing risk. Second, the program distills top management’s risk-reduction targets into precise, pragmatic implementation programs with clear alignment from the executive director to the front-line employees. Following the risk-based approach, an organization will no longer “build the control everywhere” but rather, the focus will be on building the appropriate controls for the worst vulnerabilities, to defeat the most significant threats, those that target the business’s most critical areas. This approach allows for both strategic and pragmatic activities to reduce cyber risks.

Session Objectives: Learn how to identify critical functions, applications, and data in your environment, what risks should be mitigated, transferred, accepted, or eliminated, and how to identify, prioritize, deliver, and manage security controls.

PLATINUM SPONSOR: AT&T