In episode 61 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager are joined by Stephanie Gass, Director of Governance, Risk, and Compliance. Together, they discuss the components of an effective cybersecurity risk governance program. They explore how to represent technical security questions to others, how to overcome challenges associated with changing the way a company makes decisions related to risk, and how culture plays into these types of shifts. They also reflect on how quantification, supply chain security, and other issues factor into a modern-day approach to governance.

Resources

• Follow Stephanie on LinkedIn
• How to Navigate the Cybersecurity Audit Cycle with CIS SecureSuite
• Episode 9: Mitigating Risk – Information Security Governance
• Remote Attestation Enabling Posture Assessment for Automated GRC
• CIS Software Supply Chain Security Guide
• Service Provider Management Policy Template for CIS Control 15

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing [email protected].