In every organization, there are a multitude of applications and devices and a universe of threats and vulnerabilities. Every process, function and system has certain risks and compliance requirements. It is no longer enough to have a handful of diligent security and compliance professionals managing the organization's risk strategies and controls. Their processes must embrace the risk knowledge of business and mission professionals, who evaluate the causal impact of threats to their operational performance and participate in decision-making to meet their risk posture goals.
Organizational GRC context is achieved by correlating business criticality, threat reachability, IT controls and vulnerabilities to optimize business performance through prioritized remediation, resulting in the desired risk posture with compliance governance. CIOs and CROs need to holistically integrate threat and vulnerability management processes into the broader IT governance and risk management program. This approach will allow IT organizations to not only deal with cyber-threats effectively, but also manage IT risks and compliance mandates more proactively.
Join this executive panel as we discuss ways to use threat and vulnerability management to enable your IT GRC program.
Eric Vanderburg is an information security executive, author and expert witness. Some have called him the "Sheriff of the Internet" since he and his cybersecurity team at JurInnov protect companies from cyber threats, investigate data breaches, and provide guidance on safe computing. Eric has an MBA from Kent State University and holds over 30 certifications including the CISSP and HISP. He regularly presents on security topics and is the author of the official CompTIA Storage+ guide from McGraw Hill. Eric serves on the board of directors for the Technology Ministry Network, a non-profit group that provides technology services to churches and others in Christian ministry. He is also on advisory boards for several colleges. Prior to working at JurInnov, he worked as a security consultant and professor of computer information systems.
Joe Fantuzzi, President and CEO, Agiliance, Inc. Joe has been president and CEO since January 2010. He drives the company's business direction, strategy, and execution. Joe's team successfully pioneered and delivered the first massively scaled, real-time Cyber-Security Operational Risk solution in the market. Bringing 25 years of software experience to Agiliance, Joe is an expert in creating high-growth, venture-backed businesses in emerging technology markets, and has helped build over $3 billion in market valuation as an executive for industry-leading companies throughout his career. Joe is a 2013 graduate and member of MissionLink, a prestigious group tackling security issues for defense, intelligence, and national security. Joe holds a Master's degree in Computer Engineering from Tufts University in Boston, MA and a Bachelor of Science degree in Electrical Engineering from Bucknell University in Lewisburg, PA.
Vivek Shivananda is the Co-Founder/President and CEO of Rsam. Vivek has a history in creating high-growth technology businesses. Prior to founding Rsam, as COO of eB Networks Vivek successfully grew its $30 million information security and network infrastructure consulting services and eventually sold it to Inrange Technologies in 2001. Prior to eB Networks, Vivek held several management and consulting positions at Cap Gemini. A respected member of the GRC community, Vivek is a guest speaker at industry conferences. Vivek is a C.I.S.S.P., and holds bachelor's and master's degrees in electrical engineering, as well as an M.B.A. from Carnegie Mellon's Tepper School of Business.
Yo Delmar is the vice president of GRC Solutions at MetricStream and is focused on the company's GRC market leadership. She has over 30 years of experience in Information Technology and Management, with a focus on Governance, Risk and Compliance over the past 10 years. Yo is responsible for MetricStream's Customer Program for over 300 companies world-wide and drives MetricStream's GRC Journey Program which provides expertise in helping companies implement strategies and programs for governance, risk and compliance (GRC) solutions that add strategic value while delivering dramatic cost savings. Yo has led start-ups and business units within system integration and outsourcing companies, and provided advisory services to F1000 on the implementation of GRC programs. She holds a B.Sc. (Honors) in Mathematics and Computer Science and an M.B.A. from Dalhousie University in Canada. She is also a Certified Management Consultant (CMC), Certified in Governance of Enterprise IT (CGEIT), and a Certified Information Security Manager (CISM).