Applying the OCEG GRC Capability Model to Information Security

Cyber risks are once again at the top of the list on global risk reports. Today’s reality is not “if” your company will be hacked, but “when.”

In fact, many organizations have already been hacked and don’t even realize it yet. Information security represents some of the largest risks and compliance activities to most organizations, and yet is often ignored because the business impact can be difficult to quantify.

This webinar focuses on applying the OCEG GRC Capability Model to information security efforts, and showing how it works with other information security frameworks and standards. We will also discuss some ways organizations can objectively quantify business impact, so they have better information to use when making investment decisions and resource allocations to manage the risk.

Learning Objectives:

• Learn how the OCEG GRC Capability Model can be applied to Information Security, and how it works with different Information Security frameworks
• Understand how to utilize the Model to provide better management and governance of Information Security
• Find out how to promote, explain, and expand your Information Security program in strategic business terms
• Discover some of the benefits, approaches, and tools to objectively quantify your organization’s information security risks


Presenters:

Jason Mefford, President, Mefford Associates, and Director of Training, OCEG

Aaron Arutunian, Chief Services and Security Officer, VivoSecurity