Minimum Viable Risk Management Program

Presented at BSidesLV 2017, July 26, 2017, 2 p.m. (55 minutes)

Most information risk management programs are cumbersome and expensive, requiring expertise and time that smaller organizations may not have. In addition, many attempts to start an information risk management program fail when the program seems to have no relevance to the organization except during audits. This talk will cover a risk management program that is lightweight, useful, and can scale as the organization matures without having to throw out existing work and start over. This process has been successfully implemented; the first stages require no specialized tools.

Presenters:

• Rachael Lininger - Leviathan Security Group
  Information security analyst, risk consultant, Cthulhu cultist. Lawful good. Opinions belong to her autocorrect, not her employer. @0xdaeda1a

Links:

• https://bsideslv2017.sched.com/event/BNG7/minimum-viable-risk-management-program
• https://infocon.org/cons/Security BSides/BSides Las Vegas/Bsides Las Vegas 2017/Minimum Viable Risk Management Program - Rach.mp4
• https://infocon.org/cons/Security BSides/BSides Las Vegas/Bsides Las Vegas 2017/Minimum Viable Risk Management Program - Rach.eng.srt (subtitles)
• https://www.youtube.com/watch?v=9pmvwh8Rcyw

Similar Presentations:

• AppSec USA 2015 / Training (1 day): Risk Management Like a Boss: Making Your Risks Work for You
• SOURCE Seattle 2017 / Minimum Viable Risk Management Program
• Texas Cyber Summit 2019 / CS-2024 The Risk Management Hydra and why you need multiple assessments