SANS CISO Networking Forum

Virtual - Greenwich Mean Time Wednesday, 3rd November 2021

SANS CISO Networking Forum Agenda

Agenda is all in GMT (may be subject to change)

15:00-15:15 - Opening Remarks by James Lyne, CTO, SANS Institute

Studio Guest:

15:15-16:10 - Parsing Cyber Insurance: Is it a tool or a distraction?

Over the past 30 years, cyber insurance products have grown from a niche market to common conversations in the board room. With the accompanying rapid change in threats and regular headlines grabbing executives' attention, it is no wonder that companies are exploring its potential relief during and after a cyber incident. But is cyber insurance all that it is made up to be? Can it truly help your organization, or does it detract from your overall security program? Join us as Jason D. Christopher, a cyber risk advisor and SANS certified instructor, explores the nuances of insurance products and common misconceptions from the perspective of a former regulator, incident responder, and risk management executive. This session will highlight recent trends in the insurance market and provide insights on how companies have succeeded (and failed) in tapping its potential.

16:15-17:00 - Panel Discussion

    • Curtis Dukes EVP & GM, Center for Internet Security
    • Tony Sager Senior VP & Chief Evangelist, Center for Internet Security
    • Bob Dehnhardt, CISO, State of Nevada
    • Sharif Gardner, Head of Training & Advisory Services, AXIS Capital
    • Dr Kevin Jones, Group CISO, Airbus
    • Phyllis Lee, Senior Director for Controls at Center for Internet Security
    • Eric Tilds, Founder and Managing Member at techGC

    This panel will discuss the key critical issues facing organisations across the globe when implementing cyber insurance policies, to applying these policies to the real world and what that means for businesses.

    • Is cyber security insurance really worth it or not?
    • Are cyber-attacks really seen as an act of war and will insurance companies even pay out?
    • What are the standards of reasonableness around much of the new breach and privacy legislation and insurance standards flooding the cyber industry?
    • “How cybersecurity Insurance companies are starting to use the CIS Controls v8 (formerly the Critical Security Controls) to underwrite policies and adjust premiums, accordingly.”
    • Guidelines for demonstrating adherence to a cyber standard

    17:00 - Closing Remarks