An Evidence-Based Cybersecurity Approach to Risk Management
Risk assessment and risk management are key principles in organizational cybersecurity operations. The aim of these two activities is to identify and evaluate the level of risk the organization faces from various threat sources.
It is impossible to measure a risk precisely, and difficult to assess the effectiveness of security tools in reducing a risk. These challenges result in organizations allocating fewer resources to security solutions and more on alternatives that may be more visible.
The workshop is designed to explore how organizations evaluate and assess cyber risk in the context of their corporate governance and fiduciary responsibilities. During the workshop and discussion, we will focus on:
– Analyses of contemporary issues surrounding the identification and mitigation of cybersecurity risks.
– How risks are elevated and communicated to corporate boards of directors and decision makers.
– Ultimately, outlining the ability of the officers and directors to make decisions concerning such risks in reliance on the business judgment rule.
We will further examine attorney-client privilege in the context of risk assessments, the utility of reporting cyber risks to corporate officers and general counsel, and the ability to protect legal advice related to report conclusions under the attorney-client privilege.
Attendees will participate in robust discussions and analyses of these issues with participants representing a wide spectrum of Atlanta-based companies across multiple industries and economic sectors. Attendees will obtain exposure to other similarly situated participants and obtain insight into how others are dealing with the risks in the area of cybersecurity. Finally, attendees will learn about the legal implications surrounding corporate decision-making when it comes to cybersecurity risk.
This program is ideal for Chief Information Security Officers, Chief Risk Officers, Chief Executive Officers, Corporate Directors, and General Counsel wanting to learn more about risk assessment and risk management related to organizational cybersecurity operations.
This workshop is sponsored by the Center for Evidence-Based Cybersecurity at Georgia State University, Adams and Reese LLP, and Grant Thornton LLP.
Keynote Speakers
Dr. David Maimon, Director Center for Evidence Based Cybersecurity, Georgia State University
David Maimon is an Associate Professor in the department of Criminal Justice and Criminology at Georgia State University. He received his Ph.D. in Sociology from the Ohio State University in 2009. Prior to joining Georgia State University ranks, David held a professor position in the University of Maryland. David’s research interests include theories of human behaviors, cyber-enabled and cyber-dependent crimes and experimental research methods. His current research focuses on computer hacking and the progression of system trespassing events, computer networks vulnerabilities to cyber attacks, and decision-making process in cyber space. He is also conducting research on intellectual property and cyber fraud.
Johnny Lee, J.D., Principal & National Practice Leader, Forensic Technology Services, Grant Thornton LLP
Johnny Lee is a forensic investigator, management consultant, and attorney, specializing in data analytics, digital forensics, and electronic discovery in support of investigations, data breach response, and litigation. He also provides advisory services to companies working to address complex Cybersecurity, Blockchain, Information Governance, and Data Privacy issues. Johnny is a frequent speaker, author, panelist, and contributor on issues involving CyberSecurity, Forensic Investigations, Blockchain, eDiscovery, Data Analytics, Information Governance, Records Management, and the effective use (and risk management) of Information Technology. He operates the ForensicUpdate.com blog, and he can be found on Twitter via the handle @ForensicUpdate. Johnny received his J.D. from the Georgia State University College of Law.
David Katz, J.D., Partner, Adams and Reese LLP
David Katz is a partner at Adams and Reese LLP in Atlanta, Georgia. His practice encompasses privacy law and compliance, data security, data management and data governance, vendor management, corporate governance, crisis management, regulatory compliance and ethics. In addition to his work with clients in the areas of cybersecurity, technology, data protection and privacy, David is a prolific author and in-demand speaker on these topics. His thought leadership in this area has reached audiences nationally and globally. Prior to entering private practice, David served as senior legal counsel and privacy manager in the corporate law department, advising Aaron’s, Inc., a Fortune 1000 publicly traded company. He also served as a Senior Assistant District Attorney for the Office of the District Attorney for Fulton County, and as a Senior Assistant State’s Attorney – Firearms Enforcement Violence Enforcement (F.I.V.E.) Division in the Office of the State’s Attorney for Baltimore City and as Assistant State’s Attorney in the Narcotics Division and District Court Division. David also served his country as Captain in the Judge Advocate General Corps in the United States Army Reserves. David earned his J.D. from the University of Baltimore School of Law.
Schedule
8:30 Breakfast
9:00 Risk Management and “Market for Lemons”: Dr. David Maimon, Director of the Center for Evidence Based Cybersecurity, Georgia State University
9:40 Process Evaluation: J.D. Johnny Lee, Principal & National Practice Leader, Forensic Technology Services, Grant Thornton LLP
10:20 Risk, Communication and Governance: J.D. David Katz, Partner, Adams & Reese LLP
11:00 Break
11:15 Group discussions
12:30 Lunch
1:15 Group discussions
2:30 Summary
3:15 Conclusion