Risk Assessments Lessons Learned, Part I: Cybersecurity
1h
Created on June 07, 2022
Intermediate
Overview
Conducting cybersecurity risk assessments has become a widely accepted best practice to help organizations identify and mitigate cybersecurity gaps and vulnerabilities. These risk assessments are often aligned against a range of frameworks including, for example, the NIST Cybersecurity Framework or ISO 27001/2. Regardless of the framework, or whether the risk assessment is conducted by internal information security staff or a third-party vendor, a common group of findings has emerged. This program will outline some of the most common lessons learned from cybersecurity risk assessments. Armed with this information, counsel can engage in informed discussions with their information security staff and providers to formulate a plan that improves the organization's overall cybersecurity posture.
Learning Objectives:
- Review considerations for organizations seeking to engage in a cybersecurity risk assessment
- Discuss vocabulary to engage in discussions with information security staff and third-party vendors about identifying cybersecurity risks
- Identify lessons learned from helping clients through the cybersecurity risk assessment process