
Assessing Risk in Turbulent Times
A Workshop for Information Security Executives
July 13-14, 2009. Hanover, NH

In this workshop, CISOs and directors of information security engaged in a moderated roundtable, panel discussions, and structured breakouts, exploring how to assess evolving risks.

Agenda
PDF (32K)

Discussion Guide
PDF (32K)

Participants
PDF (32K)

Overview
PDF (32K)

Announcement

We are all facing some of the biggest changes of our working lifetime. Well before the current downturn, enterprise information technology and business itself were changing. Security executives in every industry were already struggling with the consumerization of technology, globality, and the challenges of securing information across far-flung employees, partners, and customers. The explosion of communication capabilities has empowered a new generation of employees who are operating in a new, more virtual world. These steady changes continue to rock traditional operating models, transforming the character of work, shifting the nature of the employer-employee relationship, and changing the boundaries of the firm.

The downturn has moved the rate of change to an entirely new level. Deepening cost pressures and organizational transition have opened new risks and made everyone's job more challenging. With downsizing comes process disruption and organizational gaps. Business partners, squeezed by the same forces, are themselves growing risks. And the downturn seems to have also increased innovation among economically motivated criminals.

In this workshop, CISOs/directors of information security discussed how companies are assessing and managing these new risks.  Using a moderated roundtable, panel discussions, and structured breakouts, we explored how firms are assessing, rating, and managing:

Evolving threats:  Many firms have noticed a rise in attacks and new innovation among cyberthieves.  Is this real and should we expect more?  How do you assess these new risks and prepare your organization?

New internal risk: Almost every organization is facing new levels of transition. With organizational changes come new risks. Shifting roles often open gaps in process execution and erode policy compliance. Employees leaving the firm exit with intellectual property. Those who remain are stretched ever more, making it harder to ensure good security hygiene. How do you evaluate and manage these risks?

Vendor risk: Business partners often represent one of the greatest unknowns. How do you assess and rate the risk of suppliers, vendors, and partners?

Workshop Executive Advisory Council (all will be participating)
   Eric Cowperthwaite, CISO, Providence Health & Services
   Mauricio Guerra, Global Director of Information Security, Dow Chemical Co.
   Ann Halford, VP of World Wide Security, Staples
   Phil Venables, Managing Director and Chief Info Risk Officer, Goldman Sachs

CISO Workshop Series
2008 Senate Forum
Security through Information Risk Management, Security & Privacy Magazine, IEEE (June 2009)
I3P - The Institute for Information Infrastructure Protection
Center for Digital Strategies' Information Security Research