PRACTICE POINT: Cybersecurity - A CCO's Guide to What Regulators Expect

Today, ReGroup hosted a virtual discussion entitled CYBERSECURITY: A CCO's Guide to What Regulators Expect with John Cunningham, co-author of Wolves, Sheep, and Sheepdogs: A Leader's Guide to Information Security; former Chief Information Risk Officer and Head of Information Security/Risk, Architecture, and IT Governance at Ares Management, LP; and current CISO and CIO at Docupace Technologies.

Having sat through countless conference sessions and webinars focused on cybersecurity issues, I can say with 100% certainty that yours was the best I’ve seen. The practical/real world compliance angle separated it from all the others.
— General Counsel and CCO attendee

In this one-hour presentation, John, an enthusiastic presenter who makes complex material digestible and whose practical perspective makes the time well spent, walked us through the following:

  • SEC and state regulators' expectations for your firm's cybersecurity program
  • Five key questions you should ask to determine how effective your cybersecurity program is
  • Leading practices for how compliance and IT together can build the necessary corporate culture
  • The five core functions of the NIST Cybersecurity Framework (Identify, Protect, Detect, Respond, Recover), the same framework the SEC references, as the basis for a risk-based control framework

We enjoyed John's candor and credibility on this timely topic and hope you do, too!

Note: audio begins at 0:46.

  • Overview (4:08)
  • CISO Role (5:32)
  • How to Hire (16:07)
  • Regulatory Expectations (21:02)
  • What Regulators Want to Know (21:52)
  • CEO Expectations (27:16)
  • Five Key Questions (30:50)
  • Roadmap (39:03)
  • Meeting Expectations (47:20)
  • Online Resources (52:35)

The presentation slides, including resource links, are available for download.