PRACTICE POINT: Cybersecurity - A CCO's Guide to What Regulators Expect
Today, ReGroup hosted a virtual discussion with John Cunningham, co-author of Wolves, Sheep, and Sheepdogs: A Leader's Guide to Information Security; former Chief Information Risk Officer, Head of Information Security/Risk, Architecture, and IT Governance at Ares Management, LP, and current CISO and CIO at Docupace Technologies, entitled CYBERSECURITY: A CCO's Guide to What Regulators Expect.
In this 1-hour presentation, John—an enthusiastic presenter who makes complex material digestible and whose practical perspective makes this time worth spending –walked us through the following:
- SEC and state regulators’ expectations for your firm’s cybersecurity program
- Five key questions you should ask to determine your cybersecurity program’s level of effectiveness
- Leading practices for how compliance and IT together can contribute to the necessary corporate culture
- Five categories of the NIST Cybersecurity Framework (the same framework used by the SEC) to build a risk-based control framework
We enjoyed John’s candor and credibility when it came to this prevalent topic and hope you do, too!
Note: audio begins at 0:46.
- Overview (4:08)
- CISO Role (5:32)
- How to Hire (16:07)
- Regulatory Expectations (21:02)
- What Regulators Want to Know (21:52)
- CEO Expectations (27:16)
- Five Key Questions (30:50)
- Roadmap (39:03)
- Meeting Expectations (47:20)
- Online Resources (52:35)