Many CISOs struggle to communicate the business value of maintaining a robust information security infrastructure to senior executives and members of the board, often because they lack a background in finance and economics.
Information risk and security practices are now recognized as integral components of corporate governance and accountability, yet the risk-adjusted costs of security investments are often poorly understood. Consequently, an organization’s Total Cost of Controls (TCC) will often increase rapidly without producing comparable improvements in risk management efficiency.
Register Here: Expense in Depth - Managing Your Total Cost of Controls
Tuesday March 5th, 11:00AM – 11:50AM
Speaker: Malcolm Harkins
How can a CISO meet expectations for reducing risks while minimizing costs? How can these costs be accurately measured and assessed within the context of an organization’s overall risk management strategy?
In this informative and interactive session, attendees will be introduced to a TCC model that makes it possible to measure information security as a business function, balancing risks against costs to maximize value and efficiency. Session leader Malcolm Harkins brings the unique perspectives of a seasoned security executive with a dozen years of career experience in finance-related positions.
Harkins will demonstrate how current approaches to evaluating information security costs are economically inefficient and why a TCC model is more cost-effective at managing digital risks. He’ll detail the ten most significant cost and risk drivers, their budget and bottom-line effects, and how TCC enables information security to be managed with maximum business efficiency while minimizing risk exposure.
When the session concludes, attendees will be able to measure their organization’s TCC, position TCC within the larger context of corporate governance, and justify information security investments in terms executives will find both engaging and persuasive, including:
- An outline of the top 10 cost and risk drivers attendees should share with executives
- Examples of communicating total cost and risk in the context of the business
- Examples demonstrating how a company can manage risk and cost
Speaker:
Malcolm Harkins is the Chief Security and Trust Officer at Cylance and is responsible for enabling business growth through trusted infrastructure, systems, and business processes. He has direct organizational responsibility for information risk, security, and privacy policy. Previously, Malcolm was Vice President and Chief Security and Privacy Officer (CSPO) at Intel. In that role, he was responsible for managing risk, controls, privacy, security, and other compliance activities for Intel’s information assets, products, and services.