Instructor
Mike is the Founder and CEO of NTM Advisory. He embraces disruption, brings calm to chaos, and enjoys delivering transformation programs to solve complex and challenging problems. He is a proven leader of diverse international teams successfully delivering to clients primarily in the financial services, healthcare, and retail industries.
Mike has over 15 years of Consulting and Industry experience – bringing the perspective of both a trusted advisor and a practitioner who has had to make hard decisions and deal with the consequences. Mike built his foundation of expertise with over a decade of experience at PwC across the Cybersecurity and Privacy, IT Infrastructure, Cloud Computing, and Advisory practices. He has designed and run security and privacy programs as a CISO and is an expert at efficiently using resources to pragmatically mitigate IT and business risks.
He holds the Certified Information Security Manager (CISM) certification from ISACA, the ITIL Foundations Certification and previously held the AWS Solutions Architect certification.
Mike holds a Bachelor's degree in Computer Science from the University of Notre Dame, and a Global Executive MBA from the Fuqua School of Business at Duke University, including embedded learning and professional experiences on 4 continents (Shanghai, New Delhi, Santiago, Berlin, and Durham, NC).
This session explores the critical decisions organizations face when designing and scoping risk and compliance programs. It examines the strategic trade-offs between enterprise-wide compliance ("defending the whole kingdom") and targeted protection of specific systems or data ("defending the crown jewels" or enclaves). We will debate the Enterprise vs. Enclave approach to highlight how organizations can choose between broader or more segmented approaches to cybersecurity.
Specifically, we will take a deep dive into the scoping strategies for organizations subject to Cybersecurity Maturity Model Certification (CMMC). In scoping a program, many organizations overlook the indirect cost implications of their strategy; for example, a "simpler" decision for internal teams may result in significantly higher costs for external assessors and audits.
Attendees will leave with actionable insights for tailoring their risk and compliance programs to fit their organization's unique operational context and regulatory obligations, as well as language to communicate effectively with their key stakeholders.
Key Learnings include:
1. Understanding Risk Prioritization
2. Balancing Breadth and Depth of Compliance Programs
3. Aligning Compliance with Risk Management
4. Practical Frameworks and Methodologies for Building a Compliance Program
1. Understanding the Challenge and Requirement of "Scoping" for Compliance
2. Defining "Crown Jewels" or critical assets for your organization
3. Identifying situations where comprehensive vs. focused compliance makes more sense
4. Case studies and practical recommendations