
Principal Analyst
Forrester's Security Forum 2012
05/24/2012
2011 proved that the concept of absolute information security is a fallacy; in 2012, CISOs need to be planning for failure and recovery. Cyber liability insurance is an interesting risk mitigant that is rapidly gaining credibility and attention from large corporations. This session will explore the available products and their value to an organization. Key takeaways will include:
Aggressive global competition, greater service demands, more restrictive regulatory requirements, and increasingly rigid corporate oversight all raise the expectations for achieving and demonstrating business resiliency. Business continuity, IT disaster recovery, and information security are essential elements of business resiliency, with the common objective of managing the risks of business disruption. While all have traditionally operated as separate silos, they follow very similar business impact analysis and risk assessment processes, with heavy reliance on controls documentation, monitoring, and testing. Security & Risk Professionals should apply a common risk-based approach to these disciplines to streamline processes, improve cross-discipline collaboration, and provide a common system of managing risk.
Andrew's research contributes to Forrester's offerings for the Security & Risk Professional. He is a proven security leader, capable of transforming security teams into highly effective groups and driving efficiencies to deliver results with limited resources. Andrew is a leading expert in information security and risk management; ISO27001 frameworks; supplier review and business engagement; information security policy development; information security strategy; and governance, risk, and compliance (GRC) initiatives.
Prior to joining Forrester, Andrew was a CISO in the legal sector. He transformed security management for two major global firms, revising policies, setting strategy, introducing IT audit, and developing the maturity of the security teams. Ultimately, he led both firms to ISO27001 certification. Andrew was chairman of the Legal Security Forum, the industry's information security special interest group, and worked with the industry regulators to define and communicate best practices. Before entering the legal sector, Andrew worked in the insurance industry providing security consultancy and developing IAM teams. He has been a regular columnist for several risk-focused magazines and recently retired from the UK ISSA Executive Advisory Board.
Andrew holds a master's degree in information security from Westminster University. Andrew is also a certified information systems security professional (CISSP), a certified information security manager (CISM), certified in risk and information systems control (CRISC), and a trained ISO27001 lead auditor.