Overview
David Saunders will present on the topic of “Risk Assessments Lessons Learned: Part I: Cybersecurity” in this two-part webinar hosted by Lawline. If not already legally required, conducting cybersecurity risk assessments has nonetheless become a widely accepted best practice to help organizations identify and mitigate cybersecurity gaps and vulnerabilities. These risk assessments are often conducted in alignment with a range of frameworks including, for example, the NIST Cybersecurity Framework or ISO 27001/2. Regardless of the framework, or whether the risk assessment is conducted by internal information security staff or a third-party vendor, there are common landmines and issues that arise. This Lawline session will outline some of the most common lessons learned from cybersecurity risk assessments. Armed with this information, counsel can engage in informed discussions with their information security staff and providers to formulate a plan that improves the organization’s overall cybersecurity posture.
In this first installment, attendees will learn:
- Considerations for organizations seeking to engage in a cybersecurity risk assessment
- Vocabulary to engage in discussions with information security staff and third-party vendors about identifying cybersecurity risks
- Lessons learned from helping clients through the cybersecurity risk assessment process, including an overview of some of the most common issues that arise