Shifting focus: Aligning security with risk management
Jack Jones - Risk Management Insight
Apr 09, 2008Size: 434.7MB
Download: MP4 Video
Watch in your Browser Watch on YouTube
AbstractWith few exceptions, executive management doesn’t care about security. They care about risk. In this session, Jack will discuss the differences and share his experiences in taking the information security program at a Fortune 100 financial services company from a security focus to one of risk management. This presentation will cover why the change took place, how it took place (what worked and what didn’t), and the practical benefits that resulted.
About the SpeakerJack Jones has been employed in technology for the past twenty-five years, and has specialized in information security and risk management for eighteen years. During this time, he’s worked in the military, government intelligence, consulting, as well as the financial and insurance industries. Jack spent over five years as CISO for a Fortune 100 financial services company where his work was recognized at the 2006 RSA Conference with ISSA’s Excellence in the Field of Security Practices award. In 2007 he was selected as a finalist for the Information Security Executive of the Year, Central United States. As a member of an international ISACA task force, Jack is helping to develop global standards for IT risk management in the enterprise. He also regularly speaks at national conferences and has developed and published an innovative risk analysis framework known as Factor Analysis of Information Risk (FAIR).
The views, opinions and assumptions expressed in these videos are those of the presenter and do not necessarily reflect the official policy or position of CERIAS or Purdue University. All content included in these videos, are the property of Purdue University, the presenter and/or the presenter’s organization, and protected by U.S. and international copyright laws. The collection, arrangement and assembly of all content in these videos and on the hosting website exclusive property of Purdue University. You may not copy, reproduce, distribute, publish, display, perform, modify, create derivative works, transmit, or in any other way exploit any part of copyrighted material without permission from CERIAS, Purdue University.