A Cost-Effective Approach to Security Risk Management – Jack Jones – CSP #56
Full Audio
View Show IndexSegments
1. A Cost-Effective Approach to Security Risk Management – Jack Jones – CSP #56
Risk management is arguably one of the most important functions of the CISO. How does the CISO establish the value proposition for an investment? Using a well-tested risk framework, Jack discusses how to evaluate and compare the current state of loss exposure and the expected reduction from applying a set of alternative controls.
To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/12/CISOSTORIESJackJones_Article.pdf
Jones, J. 2019. Meeting The Cost-Effective Imperative. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 286-7. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!
Guest
Jack has worked in information security for over thirty-five years, including ten years of experience as a CISO with three different companies, including a Fortune 100 company. His work was recognized in 2006 with the ISSA Excellence in the Field of Security Practices award. In 2012 Jack received the CSO Compass award for risk management leadership. An adjunct professor at Carnegie Mellon University, he teaches in the CRO and CISO executive programs. Jack also created the “Factor Analysis of Information Risk” (FAIR) model adopted as an international standard. Currently, Jack is the Chief Risk Scientist at RiskLens and Chairman of the FAIR Institute, an award-winning global non-profit organization. He has also co-authored a book on FAIR entitled “Measuring and Managing Information Risk, a FAIR Approach” which was inducted into the Cyber Security Canon in 2016. He also contributed to a book entitled “CISO Compass”, which was inducted into the Cyber Security Canon in 2020.
Host
Todd Fitzgerald promotes CISO/CPO leadership via the SCMedia CISO STORIES weekly podcast, advisory board participation, and international speaking engagements. Todd serves as VP, Cybersecurity Strategy, CyberRisk Collaborative. Todd authored 5 books, including #1 New Release (2024) Privacy Leader Compass: A Comprehensive Roadmap for Building and Leading Practical Privacy Programs, and #1 Best-selling (2019-2023) and 2020 CANON Cybersecurity Hall of Fame book, CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers. Named 2016–17 Chicago CISO of the Year, Todd’s senior leadership positions include Northern Trust, Grant Thornton International, Ltd, ManpowerGroup, Wellpoint/National Government Services, Zeneca/Syngenta, IMS Health and American Airlines.