Information Security Risk Management - No Exceptions!
- Mark Williams
- Tuesday, February 17th, 8:15pm - 9:15pm
As a risk analyst or manager, it is likely that your days are filled with requests for exceptions to policy to permit people to do things wrong. I believe there is a better way. Permitting exceptions can be a valuable tool in developing a process life cycle. It can also become an easy way to avoid making decisions to upgrade or improve systems.
We are all faced daily with decisions on whether to permit exceptions. Let me show you how I think that continuous risk assessment and risk management can actually avoid the need for exceptions. By using a logical approach to risk identification, categorization and decision making, you too can do the "impossible" and say:
The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:
- SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
- Special Events: SANS-hosted events and other non-technical recreational offerings. This category includes, but is not limited to, Receptions and Information Tables.
- Master's Degree Presentation: Presentations given by SANS Technology Institute's Master's Degree candidates.