The Center for Education and Research in Information Assurance and Security (CERIAS)

The Center for Education and Research in
Information Assurance and Security (CERIAS)

Nick Sturgeon - IU Health & IU School of Medicine

Students: Spring 2024, unless noted otherwise, sessions will be virtual on Zoom.

Cyber Risk Management 101

Mar 25, 2020

Download: Video Icon MP4 Video Size: 158.2MB  
Watch on Youtube Watch on YouTube


How does an organization know which security controls, applications, or programs to implement, when everything is a threat and every system is vulnerable? Looking at cybersecurity through a risk management lens is one way of reducing the noise of the threat environment. This presentation will discuss why having a Cyber Risk Management (CRM) program is a critical piece to an effective cybersecurity program. This presentation discuss the various Cyber Risk Management frameworks, the building blocks of an effective CRM program, regulatory & standards bodies driving cyber-risk management, metrics, CRM life cycle, and finally, how CRM fits into the overall Enterprise Risk Management program. At the end of the presentation the attendees will have the building blocks to start building a Cyber Risk Management program in their organizations. Additionally, this presentation will look at a few case studies through the cyber risk lens and how a CRM program would have aided in identifying those issues and risks.

About the Speaker

Nick Sturgeon currently serves as a Director of Information Security for IU Health and IU School of Medicine. His responsibilities include supporting the IU School of Medicine cyber risk management program and leading IU Health's Security Research & Red Team. Nick has worked in Information Technology for over 15 years, with 10 years in Cybersecurity, nine years in Law Enforcement, and 10 years in State Government. Nick earned his Bachelor of Science in Management Information Systems from Indiana State in 2003 and a Master of Science in Cyber Forensics from Purdue 2015. Nick has extensive experience in incident response, digital investigations, criminal investigations, digital media recovery, criminal law, data governance, end point protection, network & log analysis, vulnerability management, security operations, incident management, project management, as an instructor, and service implementation of managed security services. Throughout his career he has supported multiple industries and sectors including, academia, State\Local\Tribal\Territorial (SLTT) Governments, healthcare, Information Technology and manufacturing. In addition to his current duties, Nick is a host on two podcasts, is a part time Information Security Instructor at UTSA and Adjunct Professor at the University of Southern Indiana. He also serves as a board member for the Cyber Resilience Institute, Ohio River valley Chapter of the Cloud Security Alliance, and the National Council of Registered ISAOs.

Ways to Watch


Watch Now!

Over 500 videos of our weekly seminar and symposia keynotes are available on our YouTube Channel. Also check out Spaf's YouTube Channel. Subscribe today!