Implementing a Risk Management Framework for Continuous Compliance

Recorded: March 23 | 2012

Senior management at all levels are pressured to improve their organizations risk management capabilities. In a landscape filled with new threats and new regulations, risk management has never been more critical to senior leaders in all sectors.

Whether you are maintaining an online banking system, sharing healthcare data with a business associate or rolling out a new mobile device policy to agency staff, you are tasked with understanding the information security risks and the management of controls.

This can be a daunting process, if risk management techniques are too complicated, they may discourage crucial input from colleagues and subject matter experts. If they are too simple, they won't yield enough relevant information to guide important business decisions. Join this roundtable discussion and learn how to:

Develop a multi-tiered risk management approach built upon governance, processes and IT.
Articulate the extent or size of a risk, and learn how to measure and communicate risks.
Implement a risk management framework and link governance and risk to establish continuous compliance.

Speakers

Brandon Dunlap is the Managing Director of research at Brightfly. He has more than 15 years of experience managing business technology risk in large and small organizations. He has served in a variety of roles across heavily regulated industries, successfully leading all aspects of IT security programs, including policy and procedure management, oversight and control, strategy, architecture, development, and training. Currently, he is the Managing Director of Research of Brightfly, an independent, advisory and research firm that focuses on building a collaborative IT practitioner communities and bridging the gaps within information technology, security, risk, compliance, and audit disciplines.

Chris McClean contributes to Forrester's offerings for the Security & Risk professional, leading the company's coverage of governance, risk, and compliance (GRC). He is also a thought leader on the related issues of corporate social responsibility (CSR) and sustainability. He is a frequent speaker on these subjects at vendor events as well as conferences run by industry organizations such as the Risk Management Association. He has also been interviewed by top media outlets such as CFO Magazine, Compliance Week, CRO Magazine, and Treasury & Risk Magazine. Chris serves Forrester clients with research on GRC and CSR strategy, organization, best practices, and technologies, and he is a frequent speaker on these subjects at industry and vendor events. Before coming to Forrester, his background was in marketing for security and risk management vendors, representing a broad range of market segments, such as compliance management, vulnerability management, digital forensics, and security information management.

Puneet Mehta

Puneet Mehta is Chief Technologist & Practice Lead of IT Risk Services for TruOps GRC Hub (from SDG Corporation). Puneet has over fifteen years of experience in diverse technology, leadership, advisory and consulting roles developing Enterprise Security Solutions and Compliance & Risk Management frameworks for Fortune 500 clients. He currently serves as Chief Technologist and Practice Lead – IT Risk Services. In this role Puneet is responsible for leading the technology planning, design, and architecture of TruOps™ GRC Hub. As a Risk practitioner Puneet helps clients design and implement solutions and strategies to improve business performance by developing business-focused, end-to-end GRC solutions. Puneet's experience spans the spectrum: developing enterprise Information Security strategy roadmaps, providing identity & entitlement management solutions, implementing Compliance & Risk management frameworks, managing IS & compliance Audits and leading information security & risk management initiatives. Puneet holds a Bachelors and Masters in Information Technology & Management from Delhi University, India along with Industry leading certifications – CISSP, CISA, CSSLP, CEH, CPTS, ISO 27001 LA and BS 25999 LA.

Martin Kling has overall responsibility for Software AG's Governance, Risk and Compliance Solution. Besides driving the development of new capabilities to help customers increase their GRC maturity, Martin is actively involved in supervising customer projects during setup and delivery. Martin is also a well-known author on various GRC topics in books, articles and blogs.